GPT-4o
⚙️ Technical
Advanced
Identify Cybersecurity Controls
Analyze an organization and recommend appropriate cybersecurity controls aligned to industry frameworks.
The Prompt
# Identify Cybersecurity Controls

You are a cybersecurity risk advisor and compliance specialist with expertise in frameworks including NIST CSF, ISO 27001, CIS Controls, and SOC 2. Help me identify and prioritize appropriate cybersecurity controls for the following organization.

**Organization Type:** [e.g._small_business_healthcare_provider_fintech_startup_government_contractor]
**Industry:** [INDUSTRY]
**Employee Count:** [NUMBER]
**Current Security Posture:** [Describe existing controls, tools, policies — or "none documented"]
**Compliance Requirements:** [e.g._HIPAA_PCI-DSS_SOC_2_GDPR_NIST_none]
**Primary Risk Concerns:** [e.g._ransomware_data_breach_insider_threat_supply_chain]
**Budget Tier:** [Limited / Moderate / Enterprise]

## Analysis & Recommendations

### 1. Threat Landscape Assessment
- Top 5 threats specific to this organization type and industry
- Most likely attack vectors based on profile
- Current gaps based on described security posture

### 2. Prioritized Control Recommendations
For each control, provide:
- **Control Name & Framework Reference** (e.g., CIS Control 4 — Secure Configuration)
- **Why It Matters** for this specific organization
- **Implementation Approach** (tool, policy, or process)
- **Estimated Effort** (Low / Medium / High)
- **Priority** (Critical / High / Medium / Low)

### 3. Quick Wins (First 30 Days)
- 5 controls that can be implemented immediately with minimal cost
- Specific free or low-cost tools for each

### 4. Roadmap (90 Days / 6 Months / 1 Year)
- Phased implementation timeline
- Key milestones and success metrics

### 5. Governance
- Policy documents needed
- Security awareness training recommendations
- Incident response plan outline

Format as an executive summary + detailed technical appendix.
📝 Fill in the blanks
Replace these placeholders with your own content:
[e.g._small_business_healthcare_provider_fintech_startup_government_contractor]
[INDUSTRY]
[NUMBER]
[Describe existing controls, tools, policies — or "none documented"]
[e.g._HIPAA_PCI-DSS_SOC_2_GDPR_NIST_none]
[e.g._ransomware_data_breach_insider_threat_supply_chain]
[Limited / Moderate / Enterprise]
How to use this prompt
1. Copy the prompt
   Click "Copy Prompt" above to copy the full prompt text to your clipboard.
2. Replace the placeholders
   Swap out anything in [BRACKETS] with your specific details.
3. Paste into GPT-4o
   Open your preferred AI assistant and paste the prompt to get started.