The objective of this project is for you to identify and review a computer security policy/standard (or set) that is in use by a business or institution, provide an assessment of that policy, make recommendations for any changes that may be needed, and provide a presentation on these efforts. Your assessment and recommendations should be based on the existing publications that we review in this class (NIST, ISO, and Open Source). Other publications may be used to support your findings if they are first agreed upon by the instructor. Your assessment should include aspects that the policy does well and aspects that it does poorly or is missing (strengths/weaknesses).

The deliverables for this project are as follows:
Proposal. In a short paper, provide a very short overview of the policy(s) you are going to review, where it comes from, and a copy of the policy(s) in the appendix. Approved proposals can be used to continue to the next stage of the project.