This course focused on how cybersecurity is shaped through policy, governance, and organizational strategy. Rather than focusing only on technical defenses, the course emphasized how frameworks and policies guide real-world cybersecurity decision-making across industries.

A major assignment in this course was a policy analysis paper that I developed on the NIST Cybersecurity Framework, which I selected as my topic. In this paper, I examined how the framework bridges the gap between cybersecurity policy and practical implementation. I explored its five core functions: Identify, Protect, Detect, Respond, and Recover, and analyzed how organizations use these steps to manage and reduce cyber risk. The paper also looked at how the framework is applied in real environments such as healthcare, finance, and government systems, where structured cybersecurity planning is essential for protecting critical infrastructure.

In addition to the policy analysis paper, I completed a second research paper focused on the ethical implications of the NIST Cybersecurity Framework. This assignment required me to evaluate how cybersecurity practices impact privacy, fairness, and transparency. I examined the trade-offs organizations face when implementing security controls, especially when balancing data protection with individual rights and ethical responsibility.

Through these assignments, I also engaged in structured writing and analysis exercises that strengthened my ability to communicate cybersecurity concepts in a clear and professional format. This was especially important in learning how to present technical and policy-related ideas in a way that is accessible to non-technical audiences.

From a career perspective, this course is directly relevant to cybersecurity because it reflects how professionals evaluate risk, implement frameworks, and align security practices with organizational and regulatory expectations. It reinforced that cybersecurity is not only technical but also heavily influenced by policy, ethics, and decision-making at the organizational level.

Overall, this course strengthened my ability to think critically about cybersecurity strategy while improving my writing, analysis, and understanding of how security frameworks are applied in real-world environments.