Projects

Security Audit & Risk Management

Loreal Corner Security Assessment

Security Audit | Risk Assessment | Compliance Review | Security Controls

This project focused on conducting a security audit and risk assessment for Loreal Corner. The assessment reviewed organizational assets, security controls, compliance requirements, and risk exposure to identify vulnerabilities and opportunities for improving the overall security posture.

The audit evaluated administrative, technical, and physical security controls while reviewing compliance alignment with PCI DSS, GDPR, and SOC security frameworks.

Project Objective

The objective was to identify security gaps, assess organizational risks, review compliance readiness, and recommend practical improvements for protecting business systems, customer data, and operational infrastructure.

Figure: NIST Cybersecurity Framework Core Functions

The assessment aligned security observations with the NIST Cybersecurity Framework, emphasizing risk identification, protection measures, threat detection capabilities, incident response planning, and recovery preparedness.

Audit Scope

• Employee devices and workplace technology assets.
• Internal systems, networks, and business operations.
• Customer and business data protection practices.
• E-commerce and communication platforms.
• Regulatory compliance and security controls.

Key Findings

• Insufficient access control and asset management processes.
• Lack of encryption for sensitive customer information.
• No formal disaster recovery and backup strategy.
• Limited intrusion detection and monitoring capabilities.
• Compliance gaps related to PCI DSS, GDPR, and SOC requirements.

Risk Assessment Summary

The overall risk level was assessed as high due to weaknesses in access management, encryption practices, backup processes, and regulatory compliance controls. Several critical controls required immediate improvement to reduce organizational risk exposure.

Security Recommendations

• Implement least-privilege access controls and separation of duties.
• Encrypt sensitive data at rest and in transit.
• Establish tested backup and disaster recovery procedures.
• Deploy intrusion detection and prevention systems.
• Improve password management and authentication controls.
• Strengthen compliance alignment with PCI DSS, GDPR, and SOC standards.

Project Impact

This project demonstrates practical application of security auditing, risk assessment, compliance evaluation, security control analysis, and cybersecurity governance principles.

The assessment strengthened understanding of security frameworks, risk management methodologies, and the process of identifying and addressing organizational security weaknesses.

Supporting Documents & References

Security Audit & Risk Management – Project Documentation

Controls & Compliance Checklist – Supporting Assessment

Project Conclusion

The security audit identified critical areas requiring improvement in access management, encryption, disaster recovery, monitoring, and compliance controls. Addressing these gaps would significantly strengthen organizational resilience and reduce cybersecurity risk.

This project highlights the importance of continuous risk assessment, security governance, compliance monitoring, and proactive security planning in protecting modern business environments.

Google Cybersecurity Implementation Project: © 2024 Google LLC. Google and the Google logo are trademarks of Google LLC. Other names may be trademarks of their respective companies.