This project presents a cybersecurity risk assessment conducted for a simulated small insurance organization. The objective was to identify key risks, evaluate their likelihood and impact, and visualize overall risk exposure.
- Microsoft Excel
- Risk scoring methodology (Likelihood + Impact)
- Data Visualization (Heat Map)
The organization consists of approximately 25 employees and handles sensitive client data including policy documents, claims information, and financial records. Systems include Microsoft 365, laptops, shared drives, and internal applications.
- Identified key assets, threats, and vulnerabilities
- Assessed risk using Likelihood (1–5) and Impact (1–5)
- Calculated Risk Score = Likelihood × Impact
- Classified risks (Low, Medium, High, Critical)
- Visualized risk using a heat map
- Phishing and account takeover represent the highest risks
- Lack of multi-factor authentication increases exposure
- Absence of tested backups introduces ransomware risk
- Weak access controls create unauthorized access risks
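
The scoring and heat-map steps described above can be reproduced outside Excel. The following Python sketch is an added example, not part of the original project files; the likelihood and impact values, the band cut-offs (4/9/16/25), and all function names are assumptions, since the page does not publish them.

```python
# Added example: values and band cut-offs are constructed assumptions.
from collections import defaultdict

# Assumed band thresholds on the 1-25 score (upper bound inclusive).
BANDS = [(4, "Low"), (9, "Medium"), (16, "High"), (25, "Critical")]

# Constructed register rows: (risk, likelihood 1-5, impact 1-5).
REGISTER = [
    ("Phishing / account takeover", 5, 5),
    ("No multi-factor authentication", 4, 5),
    ("Untested backups (ransomware)", 3, 5),
    ("Weak access controls", 3, 4),
]

def classify(score):
    """Map a 1-25 score to its band using the assumed thresholds."""
    for upper, label in BANDS:
        if score <= upper:
            return label
    raise ValueError(f"score out of range: {score}")

def score_risk(likelihood, impact):
    """Risk Score = Likelihood x Impact, rejecting out-of-scale inputs."""
    for name, value in (("likelihood", likelihood), ("impact", impact)):
        if not isinstance(value, int) or not 1 <= value <= 5:
            raise ValueError(f"{name} must be an integer 1-5, got {value!r}")
    score = likelihood * impact
    return score, classify(score)

def build_register(rows):
    """Score every row and sort highest risk first for prioritization."""
    scored = [(name, l, i, *score_risk(l, i)) for name, l, i in rows]
    return sorted(scored, key=lambda r: r[3], reverse=True)

def heat_map(rows):
    """5x5 text grid: band initial plus count of risks in each cell."""
    cells = defaultdict(int)
    for _, l, i in rows:
        score_risk(l, i)  # validate before counting
        cells[(l, i)] += 1
    lines = ["L\\I " + " ".join(f"{i:>4}" for i in range(1, 6))]
    for l in range(5, 0, -1):  # highest likelihood on the top row
        row = [f"{classify(l * i)[0]}{cells[(l, i)] or '.':>3}"
               for i in range(1, 6)]
        lines.append(f"{l:>3} " + " ".join(row))
    return "\n".join(lines)

if __name__ == "__main__":
    for name, l, i, s, band in build_register(REGISTER):
        print(f"{s:>2} {band:<8} {name} (L={l}, I={i})")
    print(heat_map(REGISTER))
```

Rejecting values outside 1–5 matters because a single mistyped cell in a register silently moves a risk into the wrong band.
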
- Risk Register (Excel)
- Risk Heat Map Visualization
- Risk analysis and prioritization
- Business impact assessment
- Cybersecurity fundamentals (GRC)
- Data visualization and reporting
This project demonstrates the ability to:
- Identify and prioritize cybersecurity risks
- Translate technical risk into business impact
- Communicate findings using visual tools
- Apply foundational GRC principles
