This project outlines a structured approach to managing cybersecurity risk based on NIST SP 800-37 and SP 800-30. The report includes threat identification, risk scoring, impact analysis, and the implementation of mitigation controls across key operational areas.
The report walks through the risk management process using a phased model:
- Categorization of Assets
- Threat and Vulnerability Identification
- Likelihood and Impact Ratings
- Risk Scoring (using qualitative matrix)
- Security Control Selection (aligned to NIST 800-53)
- Mitigation Planning
Focus areas include:
- Insider threat scenarios
- Supply chain security considerations
- Technical safeguards and configuration hardening
- Governance policies and audit readiness
- NIST SP 800-30 Rev. 1 – Risk Assessment Guide
- NIST SP 800-37 Rev. 2 – RMF for Information Systems
- NIST SP 800-53 Rev. 5 – Security and Privacy Controls
Michael Twining
Cybersecurity Researcher | Risk & Compliance | GitHub: @usrtem
📫 Contact: michael.twining@outlook.com
🌐 Portfolio: LinkedIn | YouTube
This project is shared under the Creative Commons Attribution 4.0 International License.