[Addison West]

I really like how you explained the different policies and how they all work together to keep an organization safe. I agree that strong security is not just about having good technology, but also having clear rules and making sure people follow them. I especially think your point about access control is important, because limiting who can see certain information really helps reduce insider threats. I also think the incident response policy is something people sometimes forget about, but like you said, being prepared before an attack happens makes recovery much faster. Training and awareness might be one of the most important parts in my opinion, because even if a company has good tools, employees still need to know how to spot danger. Overall, your explanation shows how security is not just one single rule, but a mix of many policies that support each other and make the whole system stronger.