
Compliance Risk Assessments

Evaluate and treat risks related to in-scope assets

Stay up-to-date on risk assessment requirements

Risk assessments are required as part of many regulatory and contractual processes, and ISO 27005, NIST SP 800-30, and PCI DSS all include specific practices for performing these assessments. Our risk assessments use specific practices for evaluating and treating risks related to in-scope assets. The ISO 27005 methodology aligns closely with the requirements of ISO 27001, while the NIST SP 800-30 methodology is often used to support other federal requirements, including NIST SP 800-53, NIST SP 800-171, CMMC, and HIPAA.

“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”
Rockie Brockway, Director of Advisory Innovations

Read Our Blog

Explore current cybersecurity topics on the TrustedSec Security Blog

Blog May 04 2023

Why Risk Assessments are Essential for Information Security Maturity

Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…

Blog July 18 2024

What is Your Compliance Kryptonite?

Understanding PCI DSS requirements and avoiding misinterpretations of security controls can be frustrating for organizations, especially when it comes to…

Blog February 20 2024

CMMC NOPE: Why You Don’t Need to be CMMC Compliant

As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for…

Blog November 14 2023

Book Review - The Definitive Guide to PCI DSS Version 4

As a PCI QSA, I have answered numerous questions about the new PCI DSS Version 4. With over 500 total controls, and at least 100 of them unique to this…

Blog April 27 2023

Compliance Abuse: When Compliance Frameworks are Misapplied

TrustedSec helps organizations choose and implement the right compliance frameworks to address their unique needs, from NIST SP 800-53 to ISO 27001, and…

Blog November 16 2021

How we’re making sense of CMMC 2.0

On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model…

Blog July 13 2021

Reducing Merchant Scope to Ease the Compliance Burden

Implementing P2PE or E2EE solutions can significantly reduce PCI compliance scope, saving merchants time and effort, and allowing for a 90% reduction in…

Blog March 30 2021

Strength Training With Transport Cryptology: Part 2

Review the latest PCI Security Standards Council (PCI-SSC) guidelines for evaluating application cipher suites and ensure compliance with version 4.0 standards…

Blog March 30 2021

Strength Training With Transport Cryptology: Part 1

Get expert guidance on transport security with authoritative analysis of protocols and cipher suites, helping you identify weak points and improve application…

Blog February 25 2021

TrustedSec Approved as a CMMC Registered Provider Organization!

TrustedSec, a CMMC-AB-approved Registered Provider Organization, enhances security maturity for Defense Industrial Base organizations, offering expert advice…


Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.