Instructions
In this assignment you will be conducting a risk assessment. This will not be a technical risk assessment, but an assessment of your hypothetical organization/business. For your organization/business, take the NIST Cybersecurity Framework controls and reduce them to system configuration requirements and system test cases with pass/fail criteria. Refer to the “Framework for Improving Critical Infrastructure Cybersecurity,” located within the Course Materials.
Include the following in a report:
- Describe when some controls cannot be implemented (such as on a personal laptop).
- Explain what is to be done in each case identified above to compensate for controls that cannot be implemented (e.g., create an identification authentication scheme).
- Demonstrate how compensating controls can ensure the non-compliant system can continue to operate within the secured and compliant environment.
- Discern the likelihood of a cybersecurity breach within the compliant environment and the impact it might have on the organization (make sure to consider emerging risks, threats, and vulnerability).
APA style is not required, but solid academic writing is expected.
Refer to “Organizational Risk Assessment Scoring Guide,” prior to beginning the assignment to become familiar with the expectations for successful completion.