DESCRIPTION
The goal of this project was to build a Python tool that analyzes incident response meetings and identifies gaps in security controls based on the NIST Cybersecurity Framework for Small Businesses.
The tool is a Python-based classifier that assesses the effectiveness of incident response discussions by mapping meeting transcripts to the NIST Cybersecurity Framework for Small Businesses. It helps small teams identify gaps in their response practices based on missing or underrepresented NIST RS (Respond) subcategories.
The first step was to create a labeled dataset of approximately 1,000 examples representing incident response discussions. I then cleaned and tokenized each line for analysis and used an 80/20 split to train and test the model. A single-label text classification model was trained to assign each sentence to one of five RS subcategories: RS.CO, RS.MI-01, RS.MI-02, RS.AN-03, or RS.MA-03.
Once the sentences were labeled, the program generated a structured report that highlighted which categories were addressed and which were missing, and offered improvement suggestions based on the observed gaps. The tool is designed to help small organizations strengthen their incident response maturity by ensuring post-breach controls within the NIST Cybersecurity Framework are addressed.
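
The tokenize, classify and gap-report stages described above, as an added example that is not the project's own code. The page does not name its model, so a multinomial Naive Bayes classifier is assumed here; it is trained on all of the constructed sentences without the 80/20 evaluation split. The training sentences, the transcript, the `min_share` threshold and all function names are constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

LABELS = ["RS.CO", "RS.MI-01", "RS.MI-02", "RS.AN-03", "RS.MA-03"]  # from the page
TRAIN = [  # constructed sentences standing in for the ~1,000-example dataset
    ("we notified the customers and the regulator about the breach", "RS.CO"),
    ("legal will notify stakeholders and send the status update", "RS.CO"),
    ("we isolated the infected laptop from the network", "RS.MI-01"),
    ("the firewall rule blocked the attacker address to contain it", "RS.MI-01"),
    ("we removed the malware and reset all compromised passwords", "RS.MI-02"),
    ("the server was reimaged to eradicate the backdoor", "RS.MI-02"),
    ("log review showed the root cause was a phishing email", "RS.AN-03"),
    ("we traced the timeline of events from the logs", "RS.AN-03"),
    ("the incident was rated high severity and prioritized", "RS.MA-03"),
    ("we categorized this as a ransomware incident", "RS.MA-03"),
]
TRANSCRIPT = [  # constructed meeting transcript, one sentence per item
    "We isolated the laptop from the network.", "The firewall blocked the attacker address.",
    "The root cause was a phishing email.", "We traced the timeline from the logs.",
    "We removed the malware and reset passwords.", "Thanks everyone, same time next week?",
]

def tokenize(line):
    return re.findall(r"[a-z0-9]+", line.lower())  # assumed cleaning: lowercase, strip punctuation

def train(examples):
    words, labels = defaultdict(Counter), Counter()
    for text, label in examples:
        labels[label] += 1
        words[label].update(tokenize(text))
    return words, labels, set().union(*words.values())  # word counts, label counts, vocabulary

def classify(model, line):
    words, labels, vocab = model
    known = [t for t in tokenize(line) if t in vocab]
    if not known:
        return None  # off-topic chatter is not forced into a subcategory
    def score(label):  # unnormalised log prior + Laplace-smoothed log likelihood
        denom = sum(words[label].values()) + len(vocab)
        return math.log(labels[label]) + sum(math.log((words[label][t] + 1) / denom) for t in known)
    return max(labels, key=score)

def gap_report(model, transcript, min_share=0.25):
    hits = Counter(filter(None, (classify(model, line) for line in transcript)))
    return {label: "missing" if not hits[label]
            else "underrepresented" if hits[label] / sum(hits.values()) < min_share
            else "addressed" for label in LABELS}
```

Calling `gap_report(train(TRAIN), TRANSCRIPT)` returns one status per subcategory; the closing small-talk line is skipped because none of its tokens appear in the training vocabulary.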