Identify key assets and business processes.
Risk Management
Enterprise Risk Assessment
A risk assessment project documenting assets, threats, likelihood, impact, and treatment options for management review.
- Organization
- Cybersecurity Internship Portfolio
- Duration
- 3 weeks
- Project Type
- Risk Management
Business Context
Why the work mattered
The organization needed a repeatable way to understand cybersecurity risk beyond technical vulnerabilities. This project focused on documenting risks in a format that connected assets, threats, business impact, and treatment decisions.
Objectives
Engagement goals
Document realistic threat scenarios.
Evaluate likelihood and impact consistently.
Create a risk register with treatment recommendations.
Methodology
Structured process
The methodology explains how the work moved from context gathering to documented recommendations.
Step 1
Asset Context
Understand what the organization needs to protect.
Grouped systems, data, and processes by business importance.
Step 2
Risk Scenario Development
Describe risk in business terms.
Built scenarios connecting threats, vulnerabilities, impacts, and affected stakeholders.
Step 3
Analysis
Prioritize risks using consistent criteria.
Assessed likelihood, impact, existing controls, and residual risk.
Step 4
Treatment Planning
Recommend practical options for risk owners.
Documented mitigation, acceptance, transfer, and avoidance recommendations.
Deliverables
Artifacts produced
Risk Register
Documented risks, ratings, owners, treatment options, and review cadence.
Creates a reusable decision record for cybersecurity risk governance.
Risk Summary Brief
Management-focused summary of top risks and recommended actions.
Helps stakeholders understand which risks need attention first.
Skills Demonstrated
Professional competencies
Outcomes
Project impact
- Risks were expressed in language that supports business decision making.
- Treatment options were documented with practical ownership expectations.
- The assessment model can be reused as the organization matures.
Lessons Learned
Professional growth
Related Projects
Continue exploring

Governance
Governance Policy Development
A structured policy development engagement aligning security expectations with business objectives and recognized frameworks.

Internal Audit
Internal Cybersecurity Audit
An internal assessment that reviewed security controls, documented gaps, and produced a prioritized remediation roadmap.

Vendor Risk
Third-Party Risk Assessment
A vendor review workflow covering due diligence, control questions, risk scoring, and onboarding recommendations.
Discuss GRC opportunities
Contact Osen after reviewing this project or download the resume for a concise overview.