Build a Risk Register for a Cross-Border Healthcare Provider
Overview
What this challenge is about.
Run 8 structured interviews (CISO, IT director, clinical-systems lead, DPO, 4 clinic managers) to surface the top risk candidates. Map each risk against NIST SP 800-30 (threat source x vulnerability x impact x likelihood) and ENISA's healthcare-sector threat taxonomy. Score risks on a 5x5 matrix with explicit thresholds, not vibes. Cross-reference against the GDPR Article 32 obligations and the upcoming NIS2 (Network and Information Systems Directive 2) controls. Deliver: 25-risk register (Excel), 10-page risk-assessment report, 60-day quick-win remediation plan, and a 90-minute board readout deck.
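The scoring step above (likelihood times impact on a 5x5 matrix, with explicit band thresholds) is small enough to pin down in code. The following is an added example, not material from the challenge or its program: it scores a handful of constructed risks, assigns each to a band using thresholds that are stated up front, and sorts the register so the board readout starts with the highest-scoring items. The band thresholds, the field names and the sample risks are all assumptions for illustration; a real register would document its own.

```python
from dataclasses import dataclass

# Explicit band thresholds on the 5x5 score (constructed for this example).
# A real methodology section states its own cut-offs so reviewers can
# challenge them; the point is that they are written down, not "vibes".
BANDS = [
    (1, 4, "Low"),
    (5, 9, "Medium"),
    (10, 15, "High"),
    (16, 25, "Critical"),
]


@dataclass(frozen=True)
class Risk:
    """One row of the register, following the NIST SP 800-30 decomposition."""
    risk_id: str
    title: str
    threat_source: str  # e.g. adversarial, accidental, structural, environmental
    vulnerability: str
    impact: int         # 1..5
    likelihood: int     # 1..5


def score(risk: Risk) -> int:
    """Return impact x likelihood, refusing values outside the 1..5 scale."""
    for value, name in ((risk.impact, "impact"), (risk.likelihood, "likelihood")):
        if not 1 <= value <= 5:
            raise ValueError(f"{risk.risk_id}: {name} must be 1..5, got {value}")
    return risk.impact * risk.likelihood


def band(score_value: int) -> str:
    """Map a 1..25 score onto a named band using the explicit thresholds."""
    for low, high, name in BANDS:
        if low <= score_value <= high:
            return name
    raise ValueError(f"score {score_value} is outside the 5x5 matrix")


def build_register(risks: list[Risk]) -> list[dict]:
    """Score every risk and return rows sorted highest score first."""
    rows = []
    for risk in risks:
        s = score(risk)
        rows.append({
            "risk_id": risk.risk_id,
            "title": risk.title,
            "threat_source": risk.threat_source,
            "vulnerability": risk.vulnerability,
            "impact": risk.impact,
            "likelihood": risk.likelihood,
            "score": s,
            "band": band(s),
        })
    # Highest score first; tie-break on risk_id so the order is deterministic.
    rows.sort(key=lambda row: (-row["score"], row["risk_id"]))
    return rows


def to_csv(rows: list[dict]) -> str:
    """Render the register as CSV text for import into the Excel deliverable."""
    header = ["risk_id", "title", "threat_source", "vulnerability",
              "impact", "likelihood", "score", "band"]
    lines = [",".join(header)]
    for row in rows:
        lines.append(",".join(str(row[col]) for col in header))
    return "\n".join(lines)


# Constructed sample risks (not findings from any real provider).
SAMPLE_RISKS = [
    Risk("R-01", "Unpatched remote-access gateway", "adversarial",
         "missing vendor patches on internet-facing VPN", impact=5, likelihood=4),
    Risk("R-02", "Credential phishing of clinic staff", "adversarial",
         "no phishing-resistant MFA on email", impact=4, likelihood=4),
    Risk("R-03", "Misrouted patient records between clinics", "accidental",
         "manual cross-border transfer process", impact=3, likelihood=2),
    Risk("R-04", "Power loss at a single clinic site", "environmental",
         "no UPS for the local file server", impact=2, likelihood=1),
]

if __name__ == "__main__":
    print(to_csv(build_register(SAMPLE_RISKS)))
```

The register sorts R-01 (score 20, Critical) ahead of R-02 (16, Critical), then R-03 (6, Medium) and R-04 (2, Low); a likelihood or impact outside 1..5 is rejected rather than silently scored, which is the check an auditor will look for when the thresholds are reviewed.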
The Brief
What you'll do, and what you'll demonstrate.
Build a 25-risk NIST-aligned register + 60-day remediation roadmap that the audit committee accepts as the new security baseline.
Earning criteria — what you'll demonstrate
- Apply NIST SP 800-30 to a real enterprise risk-assessment exercise
- Map sector-specific threats (healthcare) onto a general-purpose risk framework
- Score risks defensibly using explicit thresholds
- Communicate enterprise risk to a non-technical board audience
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Product Manager
PMs in regulated industries who can read a risk register price compliance work into their roadmaps without being told to.
This challenge sharpens
- risk-management
- compliance
- remediation-planning