Academic project demonstrating a FAIR-based cybersecurity risk assessment for a simulated healthcare organization.
This repository contains my university project on cybersecurity risk assessment using the FAIR (Factor Analysis of Information Risk) framework.
It demonstrates the process of identifying, analyzing, and mitigating cyber risks for a simulated healthcare organization (MSHS).
This project was completed as part of my University Cybersecurity Risk Management course.
It applies the FAIR methodology and complementary frameworks like NIST CSF and MITRE ATT&CK to assess risks in a simulated healthcare environment.
Objective:
To quantify cybersecurity risks affecting electronic health record (EHR) systems and propose data-driven mitigation strategies.
Key Focus Areas:
- Identifying critical assets and threat actors
- Mapping vulnerabilities to MITRE ATT&CK techniques
- Calculating risk probabilities and potential loss magnitude
- Recommending prioritized mitigation actions
| Framework | Purpose |
|---|---|
| FAIR | Quantitative risk analysis |
| NIST CSF | Governance and control alignment |
| MITRE ATT&CK | Threat behavior mapping |
The analysis evaluates potential risks such as:
- Insider threats
- Ransomware attacks
- Data breaches
- Credential compromise
- System downtime
- Highest risk area: Insider credential misuse
- Moderate risk areas: Ransomware, phishing campaigns
- Recommended controls: MFA enforcement, network segmentation, employee training
- Expected outcome: Reduced risk exposure by ~45% in modeled scenarios
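
The quantification step listed above (risk probability and loss magnitude) can be sketched as a FAIR-style Monte Carlo run over loss event frequency (LEF) and loss magnitude (LM). This is an added example, not code or data from the project's report: the scenario names come from the findings list, while every estimate, the PERT/Poisson modeling choice and the 0.6 control factor are constructed assumptions.

```python
import math
import random
import statistics

# Constructed (min, most likely, max) estimates, not values from the report.
# lef: loss events per year; lm: loss per event in USD.
SCENARIOS = {
    "Insider credential misuse": {"lef": (0.5, 2.0, 6.0), "lm": (50_000, 250_000, 1_500_000)},
    "Ransomware": {"lef": (0.05, 0.3, 1.0), "lm": (200_000, 900_000, 5_000_000)},
    "Phishing campaign": {"lef": (1.0, 4.0, 12.0), "lm": (5_000, 40_000, 300_000)},
}

def pert(rng, low, mode, high, lamb=4.0):
    """Draw from a PERT distribution, expressed as a scaled beta."""
    span = high - low
    a = 1 + lamb * (mode - low) / span
    b = 1 + lamb * (high - mode) / span
    return low + rng.betavariate(a, b) * span

def poisson(rng, rate):
    """Number of events in one year (Knuth's method, fine for small rates)."""
    limit, count, prod = math.exp(-rate), 0, rng.random()
    while prod > limit:
        count += 1
        prod *= rng.random()
    return count

def simulate(lef, lm, lef_factor=1.0, years=20_000, seed=7):
    """Annual loss distribution: events per year times per-event loss."""
    rng = random.Random(seed)
    annual = []
    for _ in range(years):
        events = poisson(rng, pert(rng, *lef) * lef_factor)
        annual.append(sum(pert(rng, *lm) for _ in range(events)))
    annual.sort()
    return {"ale": statistics.fmean(annual), "p90": annual[int(0.9 * years)]}

def rank(scenarios=SCENARIOS):
    """Scenario names ordered by mean annualized loss exposure, highest first."""
    ale = {name: simulate(**est)["ale"] for name, est in scenarios.items()}
    return sorted(ale, key=ale.get, reverse=True)

if __name__ == "__main__":
    for name in rank():
        base = simulate(**SCENARIOS[name])
        # Assumed control effect: 40% fewer loss events (constructed figure).
        ctrl = simulate(**SCENARIOS[name], lef_factor=0.6)
        print(f"{name}: ALE ${base['ale']:,.0f}, P90 ${base['p90']:,.0f}, "
              f"with control ${ctrl['ale']:,.0f}")
```

Comparing the baseline and controlled runs per scenario is what lets mitigation actions be prioritized by expected loss reduction rather than by qualitative rating.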
| File | Description |
|---|---|
| Risk_Assessment_Report.pdf | Full report with detailed analysis |
| README.md | Summary and explanation of the project |
This project was created for academic purposes only.
All organizations, systems, and data are fictional or simulated.
The report does not reference any real entities or infrastructures.
- Risk modeling with FAIR framework
- Threat analysis with MITRE ATT&CK
- Governance alignment via NIST CSF
- Report writing and documentation in a professional format
If you’d like to discuss this project or my methodology: