Skip to Main Content

Compliance Risk Assessments

Evaluate and treat risks related to in-scope assets

Stay up-to-date on risk assessment requirements

Risk assessments are required as part of many regulatory and contractual processes, and ISO 27005, NIST 800-30, PCI DSS all include specific practices for performing these assessments. Our risk assessments use specific practices for evaluating and treating risks related to in-scope assets. The ISO 27005 methodology aligns closely with the requirements of ISO 27001, while NIST SP 800-30 methodology is often used to support other federal requirements including NIST SP 800-53, NIST SP 800-171, CMMC, and HIPAA.

Related Links

“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”
Rockie BrockwayDirector of Advisory Innovations

Read Our Blog

Explore current cybersecurity topics on the TrustedSec Security Blog

Blog May 04 2023

Why Risk Assessments are Essential for Information Security Maturity

Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…

Read about this article
Blog May 16 2023

Cybersecurity Policy Enforcement: Strategies for Success

Introduction Your organization has invested significant effort in formally documenting its approach toward cybersecurity to enhance accountability and…

Read about this article
Blog April 27 2023

Compliance Abuse: When Compliance Frameworks are Misapplied

Introduction Here at TrustedSec, we help our clients achieve and maintain compliance with a variety of Information Security and privacy frameworks. We often…

Read about this article
Blog November 29 2022

Measuring the Impact of a Security Awareness Program

Our goal in building a security awareness program is to embed security into our partners' existing organizational culture. Impacting culture is a long-term…

Read about this article
Blog September 02 2022

Detection and Alerting: Selecting a SIEM

Summary Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and…

Read about this article
Blog August 31 2022

Maturity, Effectiveness, and Risk - Security Program Building and Business Resilience

One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this…

Read about this article
Blog January 06 2022

An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278

1.0 Introduction On Friday, December 10, 2021, Charlie Clark (@exploitph) published a blog post detailing the weaponization of CVEs 2021-42287 and 2021-42278.…

Read about this article
Blog November 16 2021

How we’re making sense of CMMC 2.0

On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model…

Read about this article
Blog July 13 2021

Reducing Merchant Scope to Ease the Compliance Burden

Merchants should spend more time doing what they are good at—i.e., selling and merchandising—versus trying to keep up with validating and maintaining PCI…

Read about this article
Blog June 15 2021

The Backup Paradigm Shift: Moving Toward Attack Response Systems

Black Hawk Down I’m guessing a lot of us in the IT and Security space have experienced the gut wrenching feeling of not receiving that ICMP ping reply you were…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.