No organization is immune to cyber-attacks. However, if effective controls are in place, we can reduce the likelihood and impact of attacks. Preventive controls keep attacks from occurring. Detective controls aid in monitoring assets and alert the organization in case of attack. Corrective controls help limit the impact and mitigate attacks. In this project, we analyze Aggie Medical Center (AMC) situated in Bryan/ College Station. We gather information about assets, management perspective of cyber security, operational view, etc. We provide risk assessment and mitigation strategies based on the information in the case.