An integrated risk management approach using the NIST CSF-2.0, NIST 800-82, and IEC 62443 frameworks
Sahiwala, Fatema (2026)
All rights reserved. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-202603265076
Abstract
Genomic diagnostic laboratories increasingly depend on IoT and OT systems, which creates cybersecurity challenges that traditional IT-centric approaches cannot adequately address. This study introduces and validates an integrated risk assessment methodology that combines the NIST Cybersecurity Framework (CSF) 2.0, NIST SP 800-82 and IEC 62443 to establish a comprehensive security posture for specialised healthcare environments.
A case study at ACME Inc.'s genomic diagnostic laboratory uncovered significant weaknesses in vulnerability management, access control and business continuity. The methodology combined documentation review, interviews and control assessments. The assessment revealed inconsistent patching, incomplete asset inventories and insufficient continuous monitoring, exposing the laboratory to considerable cyber risk. Applying the integrated methodology and mapping more than 300 security controls across the three frameworks produced a quantitative measure of the laboratory's cybersecurity maturity.
This data-driven approach identified the critical gaps and informed a structured, multi-phase remediation plan. The thesis provides a roadmap for a proactive cybersecurity strategy, prioritising actions for both immediate and long-term risk mitigation.
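As an added illustration, not code from the thesis (which does not publish its scoring formula), the following Python sketch shows one way a cross-framework control mapping like the one described above can be turned into a quantitative maturity measure and a prioritised remediation backlog. The control identifiers are NIST CSF 2.0 subcategory IDs used as sample keys, the cross-references are framework labels only, and the assessment data, the 0-3 implementation scale and the criticality weighting are constructed assumptions, not findings from the ACME Inc. laboratory.

```python
from collections import defaultdict
from dataclasses import dataclass

# NIST CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond, Recover.
CSF_FUNCTIONS = ("GV", "ID", "PR", "DE", "RS", "RC")
# Assumed implementation scale: 0 = absent, 1 = ad hoc, 2 = defined, 3 = managed and monitored.
MAX_LEVEL = 3


@dataclass(frozen=True)
class ControlResult:
    """One assessed control, keyed by the CSF 2.0 subcategory it maps to."""
    csf_id: str        # e.g. "ID.AM-01"; the function is the prefix before the dot
    cross_refs: tuple  # other frameworks covering this control (labels only, no clause numbers)
    criticality: int   # assessor-assigned weight, 1 (low) .. 3 (high); assumed scale
    level: int         # observed implementation level, 0 .. MAX_LEVEL; assumed scale


# Constructed sample assessment, shaped after the gap areas the abstract names
# (asset inventory, patching, access control, monitoring, continuity). Not real data.
SAMPLE_ASSESSMENT = [
    ControlResult("GV.OC-01", ("IEC 62443-2-1",), 1, 3),
    ControlResult("ID.AM-01", ("NIST SP 800-82", "IEC 62443-2-1"), 3, 1),
    ControlResult("ID.AM-02", ("NIST SP 800-82", "IEC 62443-2-1"), 3, 1),
    ControlResult("PR.AA-01", ("IEC 62443-3-3",), 3, 2),
    ControlResult("PR.AA-05", ("NIST SP 800-82", "IEC 62443-3-3"), 3, 1),
    ControlResult("PR.PS-02", ("NIST SP 800-82", "IEC 62443-2-3"), 3, 1),
    ControlResult("DE.CM-01", ("NIST SP 800-82", "IEC 62443-3-3"), 2, 0),
    ControlResult("DE.CM-09", ("NIST SP 800-82",), 2, 1),
    ControlResult("RC.RP-01", ("NIST SP 800-82", "IEC 62443-2-1"), 2, 1),
]


def function_of(csf_id: str) -> str:
    """Return the CSF function prefix ("ID.AM-01" -> "ID"), rejecting unknown prefixes."""
    prefix = csf_id.split(".", 1)[0]
    if prefix not in CSF_FUNCTIONS:
        raise ValueError(f"unknown CSF 2.0 function in {csf_id!r}")
    return prefix


def validate(result: ControlResult) -> None:
    """Reject out-of-range scores so a data-entry slip cannot inflate the maturity figure."""
    if not 1 <= result.criticality <= 3:
        raise ValueError(f"{result.csf_id}: criticality must be 1..3")
    if not 0 <= result.level <= MAX_LEVEL:
        raise ValueError(f"{result.csf_id}: level must be 0..{MAX_LEVEL}")
    function_of(result.csf_id)


def maturity_by_function(results) -> dict:
    """Criticality-weighted implementation ratio (0.0 .. 1.0) per CSF function.

    Functions with no assessed controls are left out rather than reported as 0,
    so an unassessed area shows up as a coverage gap instead of a failing score."""
    achieved = defaultdict(int)
    possible = defaultdict(int)
    for r in results:
        validate(r)
        fn = function_of(r.csf_id)
        achieved[fn] += r.criticality * r.level
        possible[fn] += r.criticality * MAX_LEVEL
    return {fn: round(achieved[fn] / possible[fn], 2) for fn in CSF_FUNCTIONS if possible[fn]}


def overall_maturity(results) -> float:
    """Single weighted ratio across every assessed control."""
    for r in results:
        validate(r)
    achieved = sum(r.criticality * r.level for r in results)
    possible = sum(r.criticality * MAX_LEVEL for r in results)
    return round(achieved / possible, 2) if possible else 0.0


def remediation_backlog(results):
    """Controls below full implementation, ordered for a phased plan:
    highest criticality first, then the weakest implementation, then by id."""
    gaps = [r for r in results if r.level < MAX_LEVEL]
    return sorted(gaps, key=lambda r: (-r.criticality, r.level, r.csf_id))


def unassessed_functions(results):
    """CSF functions with no mapped control at all: a blind spot in the mapping itself."""
    covered = {function_of(r.csf_id) for r in results}
    return [fn for fn in CSF_FUNCTIONS if fn not in covered]


if __name__ == "__main__":
    print("maturity by function:", maturity_by_function(SAMPLE_ASSESSMENT))
    print("overall maturity:", overall_maturity(SAMPLE_ASSESSMENT))
    print("unassessed functions:", unassessed_functions(SAMPLE_ASSESSMENT))
    for i, r in enumerate(remediation_backlog(SAMPLE_ASSESSMENT), 1):
        refs = ", ".join(r.cross_refs)
        print(f"{i:2d}. {r.csf_id} crit={r.criticality} level={r.level} refs={refs}")
```

Two design choices are worth noting. A function with no mapped controls is reported separately rather than scored as zero, because "we never assessed Respond" and "Respond is broken" call for different actions. And the backlog sorts by criticality before implementation level, so a partially implemented high-impact control outranks a missing low-impact one, which is the ordering a phased remediation plan of the kind the abstract describes generally needs.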
