2026 / Structured portfolio / academic-style assessment project
Enterprise Cybersecurity Risk Assessment
ISO/IEC 27001:2022-aligned risk assessment based on a public company scenario
Produced a structured enterprise risk assessment for a global trading-style organisation scenario, covering business context, asset identification, risk analysis, treatment options, and a summary risk matrix.
This project was originally framed around a public-company scenario. The portfolio now presents it generically to avoid implying official client work.
GRC, ISO 27001, Risk Assessment, Cloud Security, IAM, Vendor Risk
Problem
Broad cyber threats needed to be translated into clear risk statements, prioritised exposure, and governance-ready treatment options.
Approach
Identified eight material risks, assessed likelihood and impact, then linked treatments to ISO/IEC 27001:2022-aligned control areas including MFA, EDR, PAM, vendor risk governance, cloud security posture management, awareness training, incident response readiness, and access review.
Outcome
Produced a governance-ready risk register and treatment summary showing how eight cyber risks could be prioritised and reduced through ISO 27001-aligned controls.
Tools / Frameworks
ISO/IEC 27001:2022, Risk matrix, Control treatment, Assurance writing
Evidence Produced
- Risk register
- Summary risk matrix
- Control treatment view
- Governance-ready written analysis
Material Risks Identified
- Phishing and social engineering
- Ransomware
- Insider threat
- Trading IP theft
- DDoS
- Supply chain compromise
- Cloud misconfiguration
- Weak IAM
Controls / Treatment Themes
- MFA
- EDR
- PAM
- Vendor risk governance
- Cloud security posture management
- Awareness training
- Incident response readiness
- Access review
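The approach above (rate each risk for likelihood and impact, rank by score, then map treatments to control themes) as an added worked example, not an artefact of the portfolio project: a small register scorer using the page's eight risks and eight control themes. The 1-5 likelihood and impact values, the rating bands and the risk-to-control pairings are constructed for illustration and are not the assessment's actual findings.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int   # 1 (rare) .. 5 (almost certain); constructed values below
    impact: int       # 1 (negligible) .. 5 (severe); constructed values below
    treatments: tuple # control themes drawn from the page's treatment list

    @property
    def score(self) -> int:
        # Classic 5x5 matrix: inherent score = likelihood x impact (1..25)
        return self.likelihood * self.impact

def rating(score: int) -> str:
    """Map a 1..25 score to the band shown on a summary matrix (assumed thresholds)."""
    if score >= 15:
        return "Critical"
    if score >= 10:
        return "High"
    if score >= 5:
        return "Medium"
    return "Low"

# Constructed sample register: the page's eight risks with illustrative ratings.
REGISTER = [
    Risk("Phishing and social engineering", 5, 4, ("MFA", "Awareness training")),
    Risk("Ransomware", 3, 5, ("EDR", "Incident response readiness")),
    Risk("Insider threat", 2, 4, ("PAM", "Access review")),
    Risk("Trading IP theft", 2, 5, ("PAM", "Access review")),
    Risk("DDoS", 3, 3, ("Incident response readiness",)),
    Risk("Supply chain compromise", 3, 4, ("Vendor risk governance",)),
    Risk("Cloud misconfiguration", 4, 4, ("Cloud security posture management",)),
    Risk("Weak IAM", 3, 4, ("MFA", "PAM", "Access review")),
]

def prioritise(register):
    """Risks ordered highest score first (ties by name), with band and treatments."""
    ordered = sorted(register, key=lambda r: (-r.score, r.name))
    return [(r.name, r.score, rating(r.score), r.treatments) for r in ordered]

def summary_matrix(register):
    """Count of risks per (likelihood, impact) cell, i.e. the summary risk matrix."""
    cells = {}
    for r in register:
        cells[(r.likelihood, r.impact)] = cells.get((r.likelihood, r.impact), 0) + 1
    return cells

def control_coverage(register):
    """How many risks each control theme treats: the control treatment view."""
    coverage = {}
    for r in register:
        for theme in r.treatments:
            coverage[theme] = coverage.get(theme, 0) + 1
    return coverage
```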
Evidence / Artefacts
- PDF report: downloadable report not published yet.
- Risk register: inspectable risk register not published yet.
- Summary risk matrix: likelihood and impact matrix not published yet.
- Control treatment view: ISO 27001-aligned treatment mapping not published yet.
- Written analysis: governance-ready written analysis not published yet.
Limitations
This was a structured portfolio / academic-style risk assessment based on public business-context assumptions. It was not an internal engagement with any named company and does not imply employment, endorsement, or access to internal systems.
What I Learned
Translated broad cyber threats into risk statements, prioritised exposure, and control treatment language for governance review.
Next Improvement
Add a downloadable PDF, a sanitised risk matrix, and a clearer mapping between each risk and ISO/IEC 27001:2022 control themes.