Analyze a Vulnerable System for a Small Business Project

Introduction & Overview

This project focuses on conducting a vulnerability assessment for a small e-commerce business, simulating the type of work cybersecurity analysts perform in real-world environments. The assessment examines a remote database server that has been publicly accessible since the company's launch, identifies the risks that this exposure creates, and outlines strategies to mitigate or remediate them.

The goal of the report is to evaluate the system's security posture using the NIST SP 800-30 Rev. 1 risk assessment framework, which gives the analysis a structured and realistic method. The assessment highlights how this exposed database affects the confidentiality, integrity, and availability of critical business operations, and considers threats such as data breaches, unauthorized access, and service disruptions, among others.

In addition to identifying risks, the assessment provides practical remediation strategies tailored to the organization’s needs. These recommendations include strengthening access controls, implementing better monitoring practices, and ensuring compliance with industry security standards.

This project exercises my ability to:

  • Conduct structured risk assessments with a clear methodology.
  • Translate technical vulnerabilities into business risks that non-technical stakeholders can understand.
  • Develop realistic remediation plans that balance security with a company's operational needs.

To give you a sense of how NIST defines the role of risk assessments, the publication explains:

“The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance in Special Publication 800-39. Risk assessments, carried out at all three tiers in the risk management hierarchy, are part of an overall risk management process — providing senior leaders/executives with the information needed to determine appropriate courses of action in response to identified risks” (National Institute of Standards and Technology [NIST], 2012).


The full PDF report is attached below


Likelihood x Impact = Risk