Project Summary

Development of security procedures, user guidance, and awareness material.

Cybersecurity Governance Development

Project Overview

Project Type: Governance, Risk and Compliance (GRC)

Organisation: National Railway Museum

Role: Cybersecurity Volunteer


Executive Summary

This project focused on improving cybersecurity governance through the development of practical policies, procedures, user guidance, and security awareness material.

The objective was to establish a governance foundation suitable for a volunteer-driven organisation while improving security expectations, accountability, and awareness.


The Challenge

The organisation had limited formal cybersecurity documentation and required practical guidance that could be easily understood by both staff and volunteers.

Security expectations needed to be documented in a way that supported secure behaviour without creating unnecessary complexity.


Approach

The project focused on:

  • Governance review
  • Procedure development
  • User guidance
  • Security awareness
  • Access management controls
  • Software governance

Governance Deliverables

Acceptable Use Procedure

Covered:

  • Password security
  • Internet usage
  • Email security
  • USB usage
  • Software installation restrictions
  • Suspicious activity reporting

Access Privilege Management Procedure

Covered:

  • Least privilege
  • User onboarding
  • User offboarding
  • Access reviews
  • Administrative account management

Third-Party Software Restriction Procedure

Covered:

  • Software approval
  • Browser extensions
  • Remote access tools
  • Freeware controls
  • Software governance

Internet and Computer Use Agreement

Updated to include:

  • MFA expectations
  • Phishing awareness
  • USB security
  • Software restrictions
  • Security responsibilities
  • Monitoring expectations

Security Awareness Initiative

Created awareness material covering:

  • Password security
  • Phishing awareness
  • Safe browsing
  • USB security
  • Reporting suspicious activity

Outcomes

The project established a stronger governance foundation and improved the cybersecurity guidance available to staff and volunteers.

The resulting documentation supports future security improvement initiatives and helps promote more secure day-to-day practices.


Skills Demonstrated

  • Governance Development
  • Policy Writing
  • Procedure Development
  • Security Awareness
  • Risk Management
  • Stakeholder Communication

Lessons Learned

Effective governance documentation must be practical, understandable, and aligned with organisational realities. Security procedures are most effective when users can realistically follow them.