This document is an example of a risk assessment conducted for a hypothetical security company, including an asset invetory and risk mitigation strategy.
Risk is determined through a custom algorithm utilizing the FIPS 199.
The risk mitigation strategies are designed around the NIST 800 series of special publications, including the NIST 800-37, the NIST 800-39, the NIST 800-53, and the NIST 800-88.
This document was created as part of a larger exercise to build a comprehensive, actionable cybersecurity policy for a hypothetical organization.