Define practical security policy requirements.
Governance
Governance Policy Development
A structured policy development engagement aligning security expectations with business objectives and recognized frameworks.
- Organization: Cybersecurity Internship Portfolio
- Duration: 4 weeks
- Project Type: Governance
Business Context
Why the work mattered
The organization needed clearer security expectations for employees, managers, and technology stakeholders. The project focused on transforming informal practices into documented governance artifacts that could support consistent decision making and audit readiness.
Objectives
Engagement goals
Align policy language with ISO 27001 and NIST CSF concepts.
Create readable documentation for technical and non-technical teams.
Support future compliance and internal audit activities.
Methodology
Structured process
The methodology explains how the work moved from context gathering to documented recommendations.
Step 1
Policy Scope
Clarify the business areas, users, and systems covered by the policy set.
Reviewed organizational context, common risk scenarios, and policy ownership needs.
Step 2
Framework Alignment
Ground policy requirements in recognized security standards.
Mapped policy sections to ISO 27001 control themes, NIST CSF functions, and CIS Controls.
Step 3
Drafting
Produce clear, enforceable security expectations.
Wrote policy statements, responsibilities, review cycles, and exception handling guidance.
Step 4
Review
Improve usability and business fit.
Checked language for clarity, removed ambiguity, and prepared an implementation summary.
Deliverables
Artifacts produced
Information Security Policy
Core policy defining roles, acceptable security expectations, and review responsibilities.
Gives teams a consistent reference point for security decisions.
Control Mapping Sheet
Mapped policy sections to framework themes and supporting control objectives.
Improves traceability for future audits and compliance reviews.
Skills Demonstrated
Professional competencies
Outcomes
Project impact
- Security expectations were translated into clear governance language.
- Framework alignment improved evidence quality and audit readiness.
- Documentation became easier for business stakeholders to review.
Lessons Learned
Professional growth