What it is:
A research-based security policy paper developed for a corporate environment with on-premises web, application, and database servers handling sensitive data. The paper follows APA formatting and incorporates scholarly sources to support security policy decisions.
What I did:
Designed a comprehensive security policy addressing five critical areas: information classification, security awareness training, access control, encryption, and security incident management. Conducted research using academic and industry sources to justify each policy component and align it with real-world enterprise security practices.
What I learned:
Learned how to translate cybersecurity concepts into formal policy language used in real organizations. Gained a deeper understanding of how human factors, access control mechanisms, and encryption strategies work together to reduce risk. Also developed experience applying research to practical security solutions.