Problem
Security gaps matter most when they are connected to business impact. This project practiced turning technical findings into risk language that leadership can prioritize.
Governance, Risk, Compliance
A structured cybersecurity risk assessment project focused on business impact, compliance risk, and remediation recommendations.
Security gaps matter most when they are connected to business impact. This project practiced turning technical findings into risk language that leadership can prioritize.
The simulated organization showed elevated risk from inconsistent access review, weak documentation, and limited evidence of control ownership. The recommended priority was to reduce identity and data-handling risk first because those gaps could affect regulated information, audit readiness, and incident response speed.
The work connects with the kind of client-ready deliverables I built during my MSP internship, including scored findings, maturity assessment language, and remediation guidance.
| Risk | Likelihood | Impact | Priority | Recommended Action |
|---|---|---|---|---|
| Stale or excessive user access | Medium | High | High | Run quarterly access reviews, remove stale accounts, document owners, and validate privileged roles. |
A good GRC artifact should not just list problems. It should explain why they matter, how likely they are, what they could cost the organization, and what should be done next.