Introduction
Cyber risks threaten every sector with the damaging consequences of data exposure, system outages, and financial loss. Some industries and sectors are targeted more frequently than others. The U.S. Federal Government encompasses the legislative, executive, and judicial branches and the authorities held by each, including taxation, budget, military defense, and foreign affairs. The responsibilities and engagements of the Federal Government make it a common target for cyberattacks by a range of adversarial groups. This risk profile identifies the risks to the U.S. Federal Government and the risk management techniques the government can leverage to counter these persistent threat actors and their tactics, techniques, and procedures.
Threats
Like other industries, the federal government is exposed to both physical and cyber threats, so it must understand the current threat landscape to safeguard its assets against cyber threats. One of the primary concerns is the cyber threat to critical infrastructure. There are 16 critical infrastructure sectors, including healthcare, financial services, food and agriculture, water, defense, and emergency services (CISA, n.d.-b). These sectors provide vital services, and a disruption in any of them would have a debilitating effect on national security, financial security, public health, or safety (CISA, n.d.-b). Likewise, the supervisory control and data acquisition (SCADA) systems that monitor the industrial control systems tied to critical infrastructure are vulnerable to cyber-terrorist attacks. SCADA systems consist of networked computers, sensors, and programmable logic controllers that interface with and automate industrial processes (Wikipedia, n.d.). The nation's reliance on these sectors and on SCADA systems makes them primary adversarial targets.
The federal government's focus on cyber threats also aims to protect sensitive and classified information from an adversarial breach. Federal networks are the information technology networks that the government relies on for essential operations. Internal and external attackers frequently target these networks to exfiltrate high-value data. Protecting these networks from damage, interception, or security breaches therefore also protects the government's data.
Threat Actors Targeting the U.S.
Federal Government networks and critical infrastructure are targeted by unsophisticated hackers, insider threats, and nation-state cyber actors equipped with sophisticated cyber tools. The primary nation-state cyber threats to the U.S. are China, Russia, North Korea, and Iran. China targets the U.S. for intellectual property and multiple critical infrastructure sectors, including defense information, chemical systems, and communications (CISA, n.d.-a). Russia engages in malicious cyber espionage to affect or influence U.S. social and political activity, industrial control infrastructure, nuclear facilities, and critical infrastructure (CISA, n.d.-e). North Korea poses an evolving threat of espionage, theft targeting financial institutions and cryptocurrency, and destructive attacks (CISA, n.d.-d). Finally, Iran continuously develops its cyber capabilities to suppress political activity, deploy destructive malware, and steal personally identifiable information (CISA, n.d.-c).
Insider threats are another concern for the Federal Government. Employees have access to classified and sensitive data that must be protected from insider threats and data exfiltration. The security incident at the summit demonstrated how vulnerabilities can be exploited and how internal threats can disrupt operations and cause damage. Fortunately, those vulnerabilities were remediated using the technical and security controls adopted by the U.S. government.
Relevant Security Controls
Protecting the nation's federal networks and critical infrastructure from adversarial breaches requires risk management informed by threat intelligence. The risks posed by internal threats, cyber hackers, and nation-states require proactive implementation of countermeasures using security and privacy controls. The NIST SP XXXXXXXXXX control families provide 20 categories of protective measures, including Access Control (AC), System and Communications Protection (SC), and System and Information Integrity (SI). Various solutions can be implemented to meet the AC controls, such as multi-factor authentication within a zero-trust framework to restrict and limit access to information resources. NIST SC-5 recommends protecting systems and communications from denial-of-service attacks via technical controls that filter packets; applying this control suggests the government implement firewalls together with intrusion detection systems and anti-virus software. The SI family provides recommendations for protections such as malicious code protection (SI-3), system monitoring (SI-4), and input validation (SI-10). Applying the NIST guidance is intended to ensure that the U.S. Federal Government comprehensively safeguards the information networks and control systems that in turn protect critical infrastructure from adversarial threats.
Summary
The primary cyber risks that threaten the U.S. are hackers, insider threats, and nation-state-sponsored hackers. These malicious actors pose a significant and persistent threat to the safety and security of the U.S. population. Therefore, the Federal Government has adopted the guidance of NIST to prescribe relevant security and privacy controls to safeguard information networks, critical infrastructure, and the SCADA systems that monitor and control these industrial control systems.
References
CISA. (n.d.-a). China cyber threat overview and advisories. Retrieved from https://www.cisa.gov/uscert/china
CISA. (n.d.-b). Critical infrastructure sectors. Retrieved from https://www.cisa.gov/critical-infrastructure-sectors
CISA. (n.d.-c). Iran cyber threat overview and advisories. Retrieved from https://www.cisa.gov/uscert/iran
CISA. (n.d.-d). North Korea cyber threat overview and advisories. Retrieved from https://www.cisa.gov/uscert/northkorea
CISA. (n.d.-e). Russia cyber threat overview and advisories. Retrieved from https://www.cisa.gov/uscert/russia
NIST. (2020, September). Security and privacy controls for information systems and organizations. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
Wikipedia. (n.d.). SCADA. Retrieved from https://en.wikipedia.org/wiki/SCADA
Project 4: Protecting the Homeland
Step 11: Develop the Risk Threat Matrix
You are familiar with the cybersecurity standards organizations and understand the policy objectives of your sector and the resulting cyber defense strategy that secures communications while meeting sector goals and objectives. As leadership representatives for your sector, work as a team to create a Risk Threat Matrix that combines what was learned from the security risk profile with the sector's cyber defense strategy, and use it to select the security controls to be implemented for the sector.
When you have completed the Risk Threat Matrix, your team should submit it for feedback.
Risk Threat Matrix

| Risk | Threat Type | Categorization | Target Victims | Attack Vector | Impact and Assessment (Low, Medium, High) | Mitigation |
| Top 3 Risks | | | | | | |
| Other Risks | | | | | | |