The goal of this project is to evaluate the cybersecurity posture of a small business to ensure it is adequately protected against potential cyber threats. Learners will begin by conducting a comprehensive assessment of the organization’s current security infrastructure, policies, and practices. This includes identifying existing vulnerabilities, analyzing potential threats, and evaluating the likelihood and impact of various risks. Using the established cybersecurity frameworks of SOC-2 Type 2, learners will then develop a detailed, prioritized mitigation plan that outlines specific actions to strengthen security controls, reduce risk exposure, and enhance overall resilience. The final deliverable will provide the organization with a clear, actionable roadmap to improve its cybersecurity posture in alignment with industry best practices.

• Cybersecurity Assessment Report: A detailed report evaluating the current cybersecurity posture of the organization or simulated environment, including an inventory of assets, identified vulnerabilities, and associated risks.
• Risk Analysis Matrix: A visual and analytical breakdown of identified threats, including likelihood, impact, and risk levels to help prioritize remediation efforts.
• Mitigation Plan: A prioritized action plan recommending specific technical, administrative, and policy-based controls to address identified vulnerabilities. The plan will be aligned with recognized industry standards of SOC-2 Type 2.
• Framework Alignment Summary: A summary of how the organization's current and proposed cybersecurity practices align with selected frameworks, highlighting compliance gaps and improvement areas.
• Presentation of Findings: A clear, professional presentation summarizing the key findings, risks, and recommended actions, tailored for both technical and non-technical stakeholders.
• Optional Security Awareness Briefing: A short educational resource or briefing to help the organization improve cybersecurity awareness among staff, if applicable.

Outcomes include a clearer understanding of the organization's cybersecurity risks, a roadmap for strengthening defenses, and improved readiness to protect sensitive data and operations.