This project simulates a cybersecurity risk assessment for a fictional fintech company, FinGuard, using the ISO/IEC 27001 standard. It demonstrates practical risk-analysis skills and shows how security controls are selected and mapped to identified threats to reduce risk.
- Project Overview
- Objectives
- Files Included
- Key Risk Areas
- ISO 27001 Controls Used
- Lessons Learned
- Project Status
## Project Overview

- Company: FinGuard (fictional)
- Industry: Fintech
- Focus: Cloud infrastructure and data security
- Standard Used: ISO/IEC 27001 (Information Security Management Systems)
## Objectives

- Identify and categorize cybersecurity risks
- Map threats to appropriate ISO 27001 controls
- Build a risk matrix with likelihood and impact analysis
- Communicate risk assessment findings clearly
## Files Included

| File Name | Description |
|---|---|
| Risk_Assessment_report.pdf | Complete written report outlining risks and recommendations |
| Risk_Matrix.xlsx | Risk matrix with threat likelihood, impact scores, and mapped controls |
| Threat_Model_Diagram.png | Visual threat model of the company's data flows and vulnerabilities |
## Key Risk Areas

- Cloud Misconfigurations – exposure of sensitive data through incorrectly configured cloud services
- Insider Threats – unauthorized data access by people who already hold legitimate credentials
- Unencrypted Communications – risk of man-in-the-middle (MITM) attacks on data in transit
- Weak Device Security – especially on remote developer machines outside the corporate network
## ISO 27001 Controls Used

Control numbering follows ISO/IEC 27001:2013 Annex A (the 2022 revision regroups these controls into clauses A.5 to A.8):

- A.9 – Access Control
- A.10 – Cryptography
- A.12 – Operations Security (in particular A.12.1, Operational Procedures and Responsibilities)
- A.18 – Compliance (in particular A.18.2, Information Security Reviews)
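The following script is an added example of the risk matrix the project describes (likelihood times impact, rating bands, and the residual score after mapped controls); it is not the project's own spreadsheet or report. The five-point scales, the band thresholds, the likelihood reduction attributed to each control, and the choice of specific ISO/IEC 27001:2013 Annex A control identifiers for each of the four risk areas are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Five-point scales; the labels are an assumption for this example.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    name: str
    likelihood: str            # key of LIKELIHOOD
    impact: str                # key of IMPACT
    controls: tuple            # ISO/IEC 27001:2013 Annex A references (illustrative mapping)
    likelihood_reduction: int  # assumed drop in likelihood steps once the controls operate


def score(likelihood: str, impact: str) -> int:
    """Inherent risk = likelihood x impact on the two 5-point scales (1..25)."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def band(value: int) -> str:
    """Map a 1..25 score to a rating band; the thresholds are this example's assumption."""
    if value >= 15:
        return "Critical"
    if value >= 10:
        return "High"
    if value >= 5:
        return "Medium"
    return "Low"


def residual_score(risk: Risk) -> int:
    """Residual risk after controls: likelihood drops by the assumed reduction, never below 1.
    Impact is left unchanged because the mapped controls are preventive, not impact-reducing."""
    reduced = max(1, LIKELIHOOD[risk.likelihood] - risk.likelihood_reduction)
    return reduced * IMPACT[risk.impact]


def build_matrix(risks):
    """Return one row per risk, highest inherent score first (ties broken by name)."""
    rows = []
    for r in risks:
        inherent = score(r.likelihood, r.impact)
        residual = residual_score(r)
        rows.append({
            "name": r.name,
            "inherent": inherent,
            "inherent_band": band(inherent),
            "controls": ", ".join(r.controls),
            "residual": residual,
            "residual_band": band(residual),
        })
    return sorted(rows, key=lambda row: (-row["inherent"], row["name"]))


def render_markdown(rows) -> str:
    """Render the matrix as a Markdown table suitable for pasting into a report."""
    lines = ["| Risk | Inherent | Rating | Controls | Residual | Rating |",
             "|---|---|---|---|---|---|"]
    for row in rows:
        lines.append(f"| {row['name']} | {row['inherent']} | {row['inherent_band']} | "
                     f"{row['controls']} | {row['residual']} | {row['residual_band']} |")
    return "\n".join(lines)


# Constructed input for the four FinGuard risk areas; scores and control picks are illustrative.
FINGUARD_RISKS = [
    Risk("Cloud misconfiguration", "likely", "severe", ("A.12.1.2", "A.18.2.3"), 2),
    Risk("Insider threat", "possible", "major", ("A.9.2.3", "A.9.4.1"), 1),
    Risk("Unencrypted communications", "possible", "major", ("A.10.1.1",), 2),
    Risk("Weak device security", "likely", "moderate", ("A.9.1.2", "A.12.2.1"), 1),
]

if __name__ == "__main__":
    print(render_markdown(build_matrix(FINGUARD_RISKS)))
```

Keeping the scoring in code rather than only in a spreadsheet makes the assumptions explicit and reviewable: changing a band threshold or a control's assumed effect re-scores every row consistently, and the ordering shows which risk still needs treatment after the mapped controls are in place.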
## Lessons Learned

- Learned how to perform structured cybersecurity risk assessments
- Gained practical experience applying ISO/IEC 27001 controls
- Developed skills in threat modeling and professional reporting
- Improved ability to simulate real-world company environments
## Project Status

✅ Completed
This project was created for skill-building and portfolio purposes as part of a self-directed learning plan in cybersecurity and risk management.