Project Summary

University capstone project that evolved into ongoing cybersecurity volunteering work.

Cyber Security Development Plan

Project Overview

Project Type: University Capstone Project

Organisation: National Railway Museum

Institution: University of South Australia

Executive Summary

This capstone project involved developing a Cyber Security Development Plan for the National Railway Museum.

The project focused on assessing cybersecurity risks, analysing organisational security maturity, identifying improvement opportunities, and developing a roadmap for strengthening cybersecurity capabilities.

The project received a High Distinction and later evolved into ongoing cybersecurity volunteering work with the museum.

Objectives

The project aimed to:

  • Assess cybersecurity maturity
  • Identify security risks
  • Develop practical recommendations
  • Improve governance and controls
  • Create a cybersecurity roadmap

Assessment Activities

Activities included:

  • Cybersecurity assessment
  • Risk identification
  • Threat analysis
  • Security control review
  • Governance assessment
  • Stakeholder engagement

Key Deliverables

Risk Assessment

Identified key risks affecting organisational systems and operations.

Security Roadmap

Developed a prioritised cybersecurity improvement roadmap.

Governance Recommendations

Produced recommendations relating to policies, procedures, and organisational security practices.

Security Controls

Mapped security controls and improvement opportunities across multiple cybersecurity domains.

Outcomes

The project provided a structured framework for improving cybersecurity maturity and reducing organisational risk.

The work was later extended through ongoing volunteering activities that focused on implementation planning and security uplift initiatives.

Skills Demonstrated

  • Cyber Risk Assessment
  • Governance and Compliance
  • Security Planning
  • Security Architecture
  • Stakeholder Engagement
  • Security Documentation

Lessons Learned

The project reinforced the importance of aligning cybersecurity recommendations with organisational requirements, available resources, and operational realities.

It also demonstrated the value of translating technical risks into practical and actionable recommendations.