This repository has been archived by the owner on Dec 11, 2024. It is now read-only.

A report made for the course of Security and Risk, M.Sc. in Computer Science, UniPD

gabrielrovesti/Security-and-Risk-Report

NIST CSF Assessment Report - Acme Healthcare Systems

Overview

This repository contains a comprehensive NIST Cybersecurity Framework (CSF) 2.0 assessment report for Acme Healthcare Systems, a healthcare services provider serving a metropolitan area. The assessment evaluates the organization's cybersecurity posture across all NIST CSF core functions using both AI-driven and human analysis approaches.

Repository Structure

├── report/
│   └── NIST_CSF_Assessment_Report.pdf
├── figures/
│   ├── company_organizational_chart.png
│   └── nist_csf_functions.png
├── references/
│   └── bibliography.md
└── README.md

Executive Summary

The assessment covers a healthcare organization with approximately 500 professionals, analyzing its cybersecurity controls and risks across seven major departments:

  • Medical Department
  • Administrative Department
  • Information Technology (IT) Department
  • Human Resources (HR) Department
  • Finance Department
  • Procurement and Supply Chain Department
  • Quality Assurance and Compliance Department

Assessment Framework

The analysis follows the NIST CSF 2.0 core functions:

  1. Govern (GV)
  2. Identify (ID)
  3. Protect (PR)
  4. Detect (DE)
  5. Respond (RS)
  6. Recover (RC)

Methodology

The assessment combines:

  • AI-driven analysis using Claude.ai (Sonnet and Opus models)
  • Human expert analysis and validation
  • NIST CSF 2.0 guidelines and best practices
  • Healthcare industry-specific considerations

Key Findings

The report provides detailed analysis across multiple critical areas:

  • Asset Management
  • Risk Assessment
  • Identity and Access Management
  • Continuous Monitoring
  • Incident Response
  • Recovery Planning

Usage

This report serves as:

  • A baseline assessment of current cybersecurity posture
  • A guide for implementing security improvements
  • A reference for compliance with healthcare regulations
  • A framework for ongoing security monitoring and enhancement

Compliance Context

The assessment takes into account critical healthcare compliance requirements:

  • HIPAA compliance
  • Patient data privacy
  • Healthcare industry regulations
  • Data protection standards

Contributing

For updates or contributions to this assessment:

  1. Fork the repository
  2. Create a feature branch
  3. Submit a pull request with a detailed description of the changes
  4. Ensure all changes align with NIST CSF 2.0 guidelines
