Risk Management

Enterprise Risk Assessment

A risk assessment project documenting assets, threats, likelihood, impact, and treatment options for management review.

Organization: Cybersecurity Internship Portfolio
Duration: 3 weeks
Project Type: Risk Management
CIS RAM, NIST CSF, ISO 27001

Business Context

Why the work mattered

The organization needed a repeatable way to understand cybersecurity risk beyond technical vulnerabilities. This project focused on documenting risks in a format that connected assets, threats, business impact, and treatment decisions.

Objectives

Engagement goals

Identify key assets and business processes.

Document realistic threat scenarios.

Evaluate likelihood and impact consistently.

Create a risk register with treatment recommendations.

Methodology

Structured process

The methodology explains how the work moved from context gathering to documented recommendations.

  1. Asset Context

    Understand what the organization needs to protect.

    Grouped systems, data, and processes by business importance.

  2. Risk Scenario Development

    Describe risk in business terms.

    Built scenarios connecting threats, vulnerabilities, impacts, and affected stakeholders.

  3. Analysis

    Prioritize risks using consistent criteria.

    Assessed likelihood, impact, existing controls, and residual risk.

  4. Treatment Planning

    Recommend practical options for risk owners.

    Documented mitigation, acceptance, transfer, and avoidance recommendations.

Deliverables

Artifacts produced

Risk Management

Risk Register

Documented risks, ratings, owners, treatment options, and review cadence.

Creates a reusable decision record for cybersecurity risk governance.

Executive Reporting

Risk Summary Brief

Management-focused summary of top risks and recommended actions.

Helps stakeholders understand which risks need attention first.

Skills Demonstrated

Professional competencies

Risk Assessment, Risk Register, Business Impact Analysis

Outcomes

Project impact

  • Risks were expressed in language that supports business decision making.
  • Treatment options were documented with practical ownership expectations.
  • The assessment model can be reused as the organization matures.

Lessons Learned

Professional growth

Clear risk scenarios improve stakeholder alignment.
A risk register is more valuable when owners and review cycles are explicit.

Related Projects

Continue exploring

Governance

Governance Policy Development

A structured policy development engagement aligning security expectations with business objectives and recognized frameworks.

ISO 27001, NIST CSF, CIS Controls
Policy Development, Control Mapping, Technical Writing

Internal Audit

Internal Cybersecurity Audit

An internal assessment that reviewed security controls, documented gaps, and produced a prioritized remediation roadmap.

NIST CSF, CIS Controls, ISO 27001
Internal Audit, Gap Analysis, Risk Reporting

Vendor Risk

Third-Party Risk Assessment

A vendor review workflow covering due diligence, control questions, risk scoring, and onboarding recommendations.

NIST CSF, ISO 27001, CIS Controls
Vendor Assessment, Questionnaire Design, Risk Scoring

Discuss GRC opportunities

Contact Osen after reviewing this project or download the resume for a concise overview.