IT Support Impact Summary
Translated security governance requirements into practical access control, logging, and incident response processes that support consistent user management, clearer troubleshooting, and reliable escalation paths.
This project establishes a structured information assurance plan to protect confidentiality, integrity, and availability across an organization facing modern cyber threats. I framed the plan around real operational needs: access control consistency, logging visibility, defined response roles, and repeatable maintenance.
My role
Defined risk priorities, mapped governance requirements to operational controls, and documented how IT, leadership, and users should respond to incidents and continuity events.
IT support relevance
Shows awareness of account lifecycle management, troubleshooting through logging, procedure-driven escalation, and how support teams fit into a secure operating model.
Control-to-implementation mapping
| Control area | Practical implementation | Support value |
|---|---|---|
| Access control | Least privilege, formal reviews, multi-factor authentication | Reduces permission drift and makes access changes more consistent |
| Logging and monitoring | Centralized event visibility and review | Improves troubleshooting and helps identify incidents earlier |
| Incident response | Defined reporting, escalation, containment, and recovery steps | Supports predictable handoff and faster response under pressure |
| Disaster recovery | Backups, testing, and recovery validation | Improves service continuity and restoration confidence |
Major weaknesses identified
- Delayed and inconsistent patch management.
- Logging and monitoring that lacked centralization.
- Limited disaster recovery testing and response validation.
- Infrequent awareness training against phishing and credential theft.
High-priority recommendations
- Enforce multi-factor authentication for administrative and sensitive access.
- Centralize logging and continuous monitoring.
- Test incident response and disaster recovery procedures regularly.
- Apply least privilege and formal access reviews.
What this proves
I think this project shows that I can translate policy into operational reality. Instead of treating governance as paperwork, I used it to define better access handling, stronger logging, clearer incident workflows, and more dependable support processes.