Information Security Risk Assessment


Subject: IFN635 — Cybersecurity and Governance

Type: Group Project

Tools: Risk assessment methodology, NIST SP 800-171, Microsoft Purview, BeyondTrust PAM

Overview

Conducted a formal information security risk assessment for Ironclad Systems, a fictional Australian defence contractor specialising in drone and weapons systems manufacturing. The client held DoD contracts and NATO-aligned partnerships, making the stakes of a security breach extremely high.

What We Did

Assessed 6 critical information assets including drone control system source code, classified operational data, and communication infrastructure

Identified and scored 12 risks across a likelihood/impact matrix, producing 9 critical and 3 high severity findings

Contributed the individual analysis of the drone control source code asset (AST-01), justifying a medium availability rating based on the distinction between repository access and compiled firmware in field operation

Recommended prioritised treatment actions within a constrained budget, including Microsoft Purview RBAC for classified document access control ($15K, 4 weeks to deploy) and BeyondTrust PAM for source code repository access ($55K)

Developed the risk appetite statement and scope definition, factoring in the organisation’s low tolerance for residual risk given active DoD contract obligations

Key Skills Demonstrated

Information security risk assessment, threat modelling, asset classification, CIA triad analysis, control selection and cost-benefit analysis, defence sector compliance (CMMC/NIST), executive communication
