Project Summary

Assessment of MFA coverage, administrative accounts, and authentication controls.

Identity and Access Security Improvement Program

Project Overview

Project Type: Identity and Access Management

Organisation: National Railway Museum

Role: Cybersecurity Volunteer

Executive Summary

This project focused on strengthening identity security through the assessment of authentication controls, Multi-Factor Authentication (MFA) coverage, and administrative account security.

The objective was to identify practical opportunities to reduce credential-related risk while balancing operational requirements and user adoption considerations.

The Challenge

While MFA was already implemented on several critical systems, coverage was not consistent across the environment.

The organisation also relied heavily on volunteers, requiring any security improvements to remain practical, accessible, and easy to support.

Approach

The review focused on:

  • MFA coverage
  • Administrative accounts
  • Internet-facing systems
  • Authentication processes
  • Operational constraints
  • User adoption considerations

Assessment Activities

MFA Review

Systems reviewed included:

  • WordPress
  • Xero
  • Commonwealth Bank
  • cPanel
  • Administrative accounts

Administrative Account Review

Activities included:

  • Account identification
  • Access review
  • Privilege assessment
  • Security improvement recommendations

Key Findings

  • Existing MFA adoption provided a strong starting point.
  • Additional opportunities existed to expand MFA coverage.
  • Administrative accounts required prioritisation.
  • User experience and volunteer adoption needed to be considered.

Recommendations

  • Prioritise administrative accounts.
  • Expand MFA coverage where practical.
  • Strengthen authentication controls for internet-facing systems.
  • Improve account ownership documentation.
  • Support users through guidance and awareness activities.

Deliverables

  • MFA Assessment Documentation
  • Authentication Review Notes
  • MFA Expansion Recommendations
  • Administrative Account Review
  • Identity Security Improvement Roadmap

Outcomes

The project established a practical roadmap for improving authentication controls and reducing identity-related risk while considering operational constraints.

Skills Demonstrated

  • Identity and Access Management
  • MFA Assessment
  • Administrative Account Review
  • Security Planning
  • Risk Assessment
  • Stakeholder Communication

Lessons Learned

Strong identity security depends not only on technology but also on usability, adoption, and operational support. Successful MFA implementation requires balancing security objectives with practical user requirements.