Compliance Risk Assessments
Evaluate and treat risks related to in-scope assets
Stay up-to-date on risk assessment requirements
Risk assessments are required as part of many regulatory and contractual processes, and ISO 27005, NIST 800-30, PCI DSS all include specific practices for performing these assessments. Our risk assessments use specific practices for evaluating and treating risks related to in-scope assets. The ISO 27005 methodology aligns closely with the requirements of ISO 27001, while NIST SP 800-30 methodology is often used to support other federal requirements including NIST SP 800-53, NIST SP 800-171, CMMC, and HIPAA.
“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”Rockie BrockwayDirector of Advisory Innovations
Rockie Brockway
Director of Advisory InnovationsRockie's focus is on helping organizations strengthen their security posture by better aligning security with business needs and requirements.
Read Our Blog
Explore current cybersecurity topics on the TrustedSec Security Blog
Why Risk Assessments are Essential for Information Security Maturity
Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…
Skimming Credentials with Azure's Front Door WAF
A Web Application Firewall (WAF) is a powerful thing. It inspects all traffic that traverses it, seeing everything that is submitted to a page. EVERYTHING.…
PCI P2PE vs. E2EE – Scoping it Out
If your payment processor says they use “End-to-End Encryption” your PCI DSS compliance scope may be bigger than you expect. In this blog, we break down how…
HIPAA Applicability - Understanding the Security, Breach Notification, and Privacy Rules
This post is intended to help organizations understand how the Health Insurance Portability and Accountability Act (HIPAA) Security, Breach Notification, and…
CMMC NOPE: Why You Don’t Need to be CMMC Compliant
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for…
HIPAA Business Associates - What’s Your Function?
Many teams working with health care providers receive requests to sign a Business Associate Agreement. In this blog, we break down HIPAA’s definition of a…
HIPAA Covered Entities - It’s More Than Just PHI
Handling health records doesn’t automatically make an organization a Covered Entity. In this blog, we help clear up common misconceptions so teams can better…
WSUS Is SUS: NTLM Relay Attacks in Plain Sight
Windows Server Update Services (WSUS) is a trusted cornerstone of patch management in many environments, but its reliance on HTTP/HTTPS traffic makes it a…
A Big Step on the CMMC Rollout Timeline
A major step on the CMMC rollout timeline was completed recently as the regulatory change that will create the CMMC contract clause made its way to the Office…
Detecting Active Directory Password-Spraying with a Honeypot Account
Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
