A cybersecurity project in which a vulnerability and security assessment was conducted on a hypothetical company called NovaTech, with a range of proposed controls to improve its security posture. The work included OSINT, ISO 27001 controls, penetration testing, and more, all documented in the report.
The project began with a security and risk assessment and penetration testing, followed by the set-up of security policies and technical controls, and finished with mitigations and a technical remediation plan.
⚠️ All testing was conducted in a controlled, university-approved lab environment against simulated systems. No real-world organisations were targeted.
The main goals of this assignment were to:
- Assess an organisation’s security posture using industry frameworks
- Identify risks, vulnerabilities, and threats
- Perform simulated penetration testing using approved tools
- Evaluate the impact of vulnerabilities on confidentiality, integrity, and availability (CIA triad)
- Propose realistic mitigation and remediation strategies
- Identifying open ports and exposed services
- Mapping system attack surfaces
- Analysing services for known weaknesses
- Assessing outdated or misconfigured systems
- Evaluating vulnerabilities using CVSS-style risk scoring
- Identifying potential exploitation paths
- Assessing the impact of vulnerabilities on critical systems
- Linking findings to business and operational risk
- Conducting structured security and risk assessments
- Identifying, prioritising, and contextualising vulnerabilities
- Translating technical findings into business risk language
- Applying international security standards to real-world scenarios
- Designing layered security controls and mitigation strategies
- Developing remediation roadmaps aligned with organisational risk appetite
- Evaluating confidentiality, integrity, and availability impacts
- Strengthening analytical thinking in adversarial security contexts
- Producing professional, stakeholder-ready security reports
- Maintaining ethical and controlled testing discipline
- Understanding the fundamentals of Linux systems and being able to run virtual machines
- Identifying the nature of digital threats
- Understanding the nature of ports and protocols
- Nmap
- Wireshark
- Kali Linux
- CVSS-style risk scoring and prioritisation
- Risk assessment aligned with ISO 27005 principles
- Security best practices aligned with:
  - ISO 27001
  - NIST
  - GDPR considerations
- CIA triad
- VMs
This project was completed strictly for academic purposes.
No real systems were tested, and all scenarios were fictional and compliant with university ethical guidelines.