This project demonstrates a strategic approach to securing the enterprise through framework alignment and risk-based control selection. By integrating NIST 800-53, ISO 27001, and COBIT, this repository outlines a defensible security posture designed to mitigate sophisticated threat vectors and ensure audit readiness.
This section applies the NIST Risk Management Framework (RMF) to select security controls systematically, and includes a mapping of technical controls to specific system boundaries to support continuous monitoring.

This section analyzes risk ownership within hybrid-cloud environments and focuses on:
- Social Engineering Mitigation: Administrative and Technical control implementation.
- Data Exfiltration Prevention: Egress monitoring and DLP configuration within the Customer Responsibility layer.
This section implements the Three Lines of Defense model to establish clear accountability:
- 1st Line: Operational implementation.
- 2nd Line: GRC oversight and policy development.
- 3rd Line: Internal Audit and independent assurance.
Included in the /images directory:
- NIST RMF Cycle: The 7-step authorization process.
- Shared Responsibility Model: Delineating CSP vs. Customer control.
- Three Lines of Defense: Governance structure for audit readiness.
- ISO 27001 PDCA: The continuous improvement lifecycle of an ISMS.
This documentation serves as a blueprint for GRC practitioners to align technical security efforts with international compliance standards.
Diagrams (see the /images directory): NIST RMF Cycle, Shared Responsibility Model, Three Lines of Defense, ISO 27001 PDCA.
Author: Shakera Karolia