How TrustCyber Calculates Risk Scores

A detailed explanation of how TrustCyber calculates your Risk Score, Compliance Score, Ransomware Exposure, and Copilot Readiness scores from Microsoft 365 security data.

TrustCyber calculates four primary scores from your Microsoft 365 security posture data. Each score is expressed as a number from 0 to 100. For the Risk Score, Compliance Score, and Copilot Readiness score, higher values indicate a better security posture; Ransomware Exposure is the exception, where lower is better. Scores are recalculated every time you run a new assessment.

The Four Primary Scores

| Score | Range | What It Measures |
|---|---|---|
| Risk Score | 0-100 | Overall security posture across all 8 domains. Higher is better. |
| Compliance Score | 0-100 | Alignment with NIST CSF, CIS Controls, ISO 27001, and SOC 2. Higher is better. |
| Ransomware Exposure | 0-100 | Likelihood of ransomware impact based on backup, endpoint, and email controls. Lower is better. |
| Copilot Readiness | 0-100 | Readiness to safely deploy Microsoft Copilot for M365 based on data governance and access controls. Higher is better. |

How the Risk Score Is Calculated

The Risk Score is a weighted average of your 8 domain scores. Each domain is assigned a weight based on its relative impact on overall security posture. The weights are derived from the NIST Cybersecurity Framework and CIS Controls v8 risk prioritization guidance.

| Domain | Weight | Key Signals |
|---|---|---|
| Identity & Access | 25% | MFA enforcement, privileged account controls, conditional access policies |
| Endpoint Protection | 20% | Intune compliance, Defender for Endpoint coverage, patch management |
| Email Security | 15% | DMARC/DKIM/SPF, anti-phishing policies, Defender for Office 365 |
| Data Governance | 15% | Sensitivity labels, DLP policies, external sharing controls |
| Cloud Configuration | 10% | Azure AD security defaults, legacy authentication, risky sign-ins |
| Backup & Recovery | 5% | OneDrive versioning, Exchange backup, recovery point objectives |
| Incident Response | 5% | Security alert response time, SIEM integration, incident playbooks |
| Compliance & Governance | 5% | Compliance Manager score, audit log retention, eDiscovery readiness |

Score Interpretation

| Score Range | Rating | Recommended Action |
|---|---|---|
| 80-100 | Strong | Maintain current controls. Schedule quarterly assessments to monitor drift. |
| 60-79 | Moderate | Address High severity findings within 30 days. Review domain scores for gaps. |
| 40-59 | Elevated Risk | Address Critical findings immediately. Engage security team for remediation planning. |
| 0-39 | Critical Risk | Immediate action required. Contact TrustCyber for emergency remediation support. |

Note: Risk Scores are relative to your current Microsoft 365 configuration. A score of 75 does not mean you are 75% secure in an absolute sense; it means your configuration is stronger than approximately 75% of organizations with a similar profile.
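The weighted-average formula and the interpretation bands above, worked through in code. This is an added illustration, not TrustCyber's own implementation; the eight domain scores it takes as input are constructed sample values, and the weights and bands are the ones published in the two tables.

```python
# Domain weights in percent, as listed in the article; they must sum to 100.
DOMAIN_WEIGHTS = {
    "Identity & Access": 25, "Endpoint Protection": 20, "Email Security": 15,
    "Data Governance": 15, "Cloud Configuration": 10, "Backup & Recovery": 5,
    "Incident Response": 5, "Compliance & Governance": 5,
}
assert sum(DOMAIN_WEIGHTS.values()) == 100

# Interpretation bands from the article: (lower bound, rating, recommended action).
RATING_BANDS = [
    (80, "Strong", "Maintain current controls. Schedule quarterly assessments to monitor drift."),
    (60, "Moderate", "Address High severity findings within 30 days. Review domain scores for gaps."),
    (40, "Elevated Risk", "Address Critical findings immediately. Engage security team for remediation planning."),
    (0, "Critical Risk", "Immediate action required. Contact TrustCyber for emergency remediation support."),
]


def risk_score(domain_scores):
    """Weighted average of the eight domain scores (each 0-100), rounded to a whole number.
    Refuses partial or malformed input so a missing domain cannot silently inflate the result."""
    if set(domain_scores) != set(DOMAIN_WEIGHTS):
        raise ValueError(f"expected exactly these domains: {sorted(DOMAIN_WEIGHTS)}")
    if any(not 0 <= v <= 100 for v in domain_scores.values()):
        raise ValueError("every domain score must be within 0-100")
    return round(sum(DOMAIN_WEIGHTS[d] * domain_scores[d] for d in DOMAIN_WEIGHTS) / 100)


def rating(score):
    """Map a 0-100 Risk Score to its (rating, recommended action) band."""
    for lower_bound, label, action in RATING_BANDS:
        if score >= lower_bound:
            return label, action
    raise ValueError(f"score {score} is below 0")


def domain_contributions(domain_scores):
    """Points each domain adds to the Risk Score, largest first: shows where a
    domain-level improvement moves the overall score most, given the weights."""
    points = {d: DOMAIN_WEIGHTS[d] * domain_scores[d] / 100 for d in DOMAIN_WEIGHTS}
    return sorted(points.items(), key=lambda item: item[1], reverse=True)


# Constructed sample assessment (not real data): strong email and endpoint controls, weak identity.
SAMPLE_ASSESSMENT = {
    "Identity & Access": 40, "Endpoint Protection": 85, "Email Security": 90,
    "Data Governance": 70, "Cloud Configuration": 60, "Backup & Recovery": 50,
    "Incident Response": 60, "Compliance & Governance": 65,
}

if __name__ == "__main__":
    score = risk_score(SAMPLE_ASSESSMENT)
    label, action = rating(score)
    print(f"Risk Score {score} ({label}): {action}")
    for domain, pts in domain_contributions(SAMPLE_ASSESSMENT):
        print(f"  {domain:<24} {pts:5.2f} points")
```

For the sample input the weighted sum is 65.75, so the Risk Score is 66 and lands in the Moderate band; the contribution list makes it clear that the 25%-weighted Identity & Access domain, scored 40, is the cheapest place to gain points.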

How Scores Change Over Time

TrustCyber tracks your scores across every assessment, allowing you to visualize your security posture trend over time. Scores typically improve after remediating Critical and High findings. Common score improvements include enabling MFA for all users (+8-12 points), deploying Defender for Endpoint (+5-8 points), and configuring DMARC enforcement (+3-5 points).