Below, I have attached papers that best display my cyber knowledge throughout my time at ODU studying cybersecurity.

Policy Analysis Paper

Policy Analysis Paper 

Isaas Lozada 

CYSE 425W 

Dr.Mehr 

9/21/25

A Cybersecurity policy is the foundation of a company’s defense strategy against outside threats like malicious hackers or even internal threats such as an employee. This policy that is put into practice is best to protect an organization’s digital information from being corrupted or intercepted. Some examples of extreme damage from these attacks could result in monetary loss, legal battles, damage to reputation, and even bankruptcy. The reason these policies exist in the workplace is to set a standard. Everyone at the company must adhere to these rules and follow them to the exact detail, this ensures equal fault amongst all employees. These policies establish clear guidelines not only to ensure protection of internal security but these policies also promote an organization’s commitment to cybersecurity. Customers, Business owners, investors, they all pay attention to how a company protects their crucial digital information, having that safety net of a policy in place boosts trust within a company. 

Many times these policies cover a range of topics, some examples would include how to properly “Bring your own device” or guidelines on how employees can spot and avoid threats. However, some policies require grave attention, these policies are referred to as “Stand Alone” policies. A “Stand Alone” policy that is essential to a company’s success and absolutely required would be the “Incident Response” policy. This policy details all the right moves for a company to make when responding,reporting, or responding to a cyber threat. This policy also details how a company should properly report and also document what occurred during that “incident”. 

This policy is extremely important because it acts as an umbrella in terms of defense, against several disasters that could occur to a company. A prime example of a threat that would be encountered during the “incident” phase would be Ransomware. Ransomware is a malicious malware that would hold a company’s computer “hostage” until they provide a ransom. IBM reported that twenty percent of all network attacks were a direct use of ransomware, this data solidified that Ransomware is a real threat and amongst the most popular rising attacks used in recent times. 

Social engineering is also a huge threat that is covered under the incident response policy. The most prominent threat under social engineering is known as “Phishing”. Phish attacks are usually an impersonation of a trusted individual by a hacker with the intent of manipulating an employee into leaking sensitive information, downloading malware, and even transfer of financials. The Incident Response policy is put in place to halt these attacks. A typical incident Response policy has four main steps, those steps are detection, reporting, response, and documentation. 

The first step being detection is crucial, this step identifies the threat and what exactly is being attacked. Directly after identifying the threat, the threat must be reported to the response team, these reports include where the attack happened and the specific time. This is the “response” portion of the defense strategy, the response team will identify the threat and then rapidly work on neutralizing the threat. After neutralizing the threat, the final step is to document what had occurred during the incident. The documentation should report all findings and serve as a guide to instruct the proper strategies that should be used for current attacks as well as future attacks.

References 

NIKE, Inc. 10-K Cybersecurity GRC – 2024-07-25. (2024, July 25). Board-Cybersecurity.com. https://www.board-cybersecurity.com/annual-reports/tracker/20240725-nike-inc-cybersecurit y-10k/ 

Wadhwa, P. (2023, December 10). Why is Cyber Incident Reporting Important? (Complete Process). Sprinto. https://sprinto.com/blog/cybersecurity-incident-reporting/ Fortinet. (2025). What Is Incident Response? Process & 6 Step Plan. Fortinet. https://www.fortinet.com/resources/cyberglossary/incident-response

Fortinet. (2025). What Is Incident Response? Process & 6 Step Plan. Fortinet.
https://www.fortinet.com/resources/cyberglossary/incident-response