MeowKanu/ISO-27001-Mini-ISMS-GRC-Portfolio-Project

GitHub: MeowKanu/ISO-27001-Mini-ISMS-GRC-Portfolio-Project

Stars: 0 | Forks: 0

ISO 27001 Mini ISMS – GRC Portfolio Project

*Overview*

This project is a simulated implementation of an ISO 27001-based Information Security Management System (ISMS). It is designed to demonstrate practical understanding of Governance, Risk, and Compliance (GRC) concepts, including risk management, security policies, asset management, and audit readiness. The project reflects how organizations implement security controls and manage information security risks in real-world environments.

*Objectives*

- Understand ISO 27001 framework and ISMS structure
- Perform basic risk assessment and risk treatment
- Create security policies and compliance documentation
- Simulate internal audit and control evaluation processes
- Build a practical GRC-focused cybersecurity portfolio project

*Key Components*

This repository includes:

- Asset Inventory (information system assets and classification)
- Risk Register (risk identification and evaluation)
- Risk Treatment Plan (mitigation strategies)
- Access Control Policy (user access and authentication rules)
- Incident Response Plan (incident handling process)
- Statement of Applicability (ISO 27001 controls mapping)
- Internal Audit Checklist (compliance verification)
- Change Management Policy (system change governance)

*Skills Demonstrated*

- ISO 27001 fundamentals
- Information Security Management System (ISMS) design
- Risk assessment and mitigation
- Security policy documentation
- Compliance and audit understanding
- GRC (Governance, Risk & Compliance) principles

*Use Case Simulation*

This project simulates a fictional organization implementing ISO 27001 controls to protect business data, manage risks, and ensure compliance with security standards.

*Purpose*

This repository is part of my cybersecurity learning journey with a focus on GRC roles such as:

- GRC Analyst
- Information Security Analyst
- Risk & Compliance Analyst
- IT Audit Associate

*Note*

This is a learning and portfolio project and does not represent a real production environment.