This will not be a technical risk assessment, but an assessment of your hypothetical organization/business. For your organization/business, take the NIST Cybersecurity Framework controls and reduce them to system configuration requirements and system test cases with pass/fail criteria. Refer to the “Framework for Improving Critical Infrastructure Cybersecurity,” located within the Course Materials. Then, include the following in a report:
- Describe when some controls cannot be implemented (such as on a personal laptop).
- Explain what is to be done in each case identified above to compensate for controls that cannot be implemented (e.g., create an identification authentication scheme).
- Demonstrate how compensating controls can ensure the non-compliant system can continue to operate within the secured and compliant environment.
- Discern the likelihood of a cybersecurity breach within the compliant environment and the impact it might have on the organization (make sure to consider emerging risks, threats, and vulnerability).