Small Business Security Assessment & Risk Management Program

Aligned to NIST Cybersecurity Framework (CSF) 2.0

Project Type: Security Assessment · Risk Management · GRC

Industry: Small Retail / Food Service

Duration: ~2–3 weeks

Frameworks: NIST CSF 2.0 (internally aligned), risk-based methodology

Project Overview

This project involved conducting an end-to-end cybersecurity baseline assessment for a small retail business and developing a risk-driven security improvement program aligned with the NIST Cybersecurity Framework (CSF) 2.0.

The objective was to assess the organization’s current security posture, identify and prioritize cybersecurity risks based on business impact, and translate findings into practical, scalable controls appropriate for a small business environment.

While the client-facing deliverables intentionally avoided heavy technical language, the assessment internally applied industry-standard security principles, control mapping, and risk prioritization techniques.

Scope & Assessment Focus

The assessment evaluated cybersecurity risk across operational and administrative domains, including:

• Point-of-sale (POS) system access and authentication practices
• Handling and protection of employee personal data
• Network usage and segmentation practices
• Incident response readiness and escalation paths
• Recovery and continuity planning for system outages
• Third-party and vendor dependency risks