For an enterprise faced with multiple compliance requirements as well as the changing security needs of the business, risk is both a four-letter word and an opportunity. Risk assessments serve as the foundation for a strategic approach to compliance while helping to create an effective long-term risk management program. With our experience and expertise in completing risk assessments, tailored for businesses of all sizes, SecureTrust is the right partner to help you assess — and address — your vulnerability to existing and evolving threats.


  • Information security risks include the possibility of business damage due to loss of confidentiality, integrity, or availability of information. SecureTrust's enterprise risk-assessment services provide the basis to build or refine the most appropriate information security program for your organization. Each engagement is scoped individually to determine the best approach for your business, customized and scaled appropriately.

    The foundation of the service is SecureTrust's proven methodology, which combines elements of established frameworks such as the National Institute of Standards and Technology (NIST) risk-assessment guidance and OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation). As experts in complex risk assessment, we will work through your risk challenges with you and help you assess the critical elements.

    The assessment includes key activities such as:

    • Discovery
    • Asset Classification
    • Vulnerability Discovery
    • Control Assessment
    • Threat Assessment
    • Risk Formulation
    • Impact and Likelihood Assessment

    Each assessment concludes with a full risk assessment report, including priorities, recommendations and a full narrative of our findings. We will present the findings to your team to help guide decision-making that is in line with your risk posture.


  • As a leader in risk management and compliance, SecureTrust combines established best practices to ensure the assessment is thorough and thoughtful.

    • Understand Your Risk Posture

      A baseline risk assessment is required by multiple compliance regimes across industries. With a Trustwave risk assessment, you can meet those obligations and gain an understanding of your exposure to threats and vulnerabilities, through risk identification and prioritization of mitigation for your key assets and systems, policies, procedures and controls across business units.

    • Identify Costs and Efficiencies

      The risk assessment will also estimate the likelihood and potential impact of identified threats exploiting known vulnerabilities. This helps your organization decide how to take action to reduce the likelihood and impact of an adverse event. The assessment will help guide your decisions for return on investment, budget allocation, control selection and efficient utilization of resources.

    • Address Emerging Threats

      Your business needs to move at the fast pace of technology to serve your customers best. The Trustwave risk assessment will help you identify the threats that new vendors and technologies introduce, and help your organization plan for secure scalability and cost reduction when reviewing them.

    • Regulatory Compliance Baseline

      Your organization likely has to comply with at least one, if not many, regulatory and industry standards. A risk assessment is a requirement of standards such as the Health Insurance Portability and Accountability Act (HIPAA), ISO/IEC 27001, and the Payment Card Industry Data Security Standard (PCI DSS). A Trustwave Information Security Risk Assessment can help satisfy this requirement across those standards.

  • Risk assessments should identify risks against risk acceptance criteria and organizational objectives. Risk assessments should also be performed periodically to address changes in the security requirements and in the risk situation.

    ISO 27001, Clause 4.1

How It Works

  • SecureTrust's risk assessment approach incorporates proven methodologies, so that industry best practices are followed and your custom engagement is scaled to your business challenges. We follow industry guidelines such as:

  • National Institute of Standards and Technology (NIST)

    Risk assessment of threats in conjunction with the vulnerabilities they could exploit and the existing controls that mitigate them.

  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

    A risk assessment provides the information needed to make risk management decisions regarding the degree of security remediation.

  • International Organization for Standardization: ISO 27005

    Risk Assessment = Risk Identification + Risk Estimation/Evaluation

  • An engagement with SecureTrust follows our own assessment methodology: a combined approach that puts the right seasoned expert on the project, with the right level of analysis. Our consultants work with your teams to ensure that the assessment includes the right stakeholders, assets and controls for the need at hand. This close working relationship yields the most productive results. We'll provide you with a full report of the engagement, including:

    • Priority ranked risks to your business
    • Risk mitigation recommendations
    • Decision support consulting
    • Business discovery
    • Threat environment discovery
    • Observed best practices