1. Conduct an internet or library search to locate the information security policy for 2 colleges or universities.
2. Identify the first policy you selected and document whether it contains the following elements:
   Policy statement, Rationale, who is affected by the policy, Definitions, Roles and responsibilities, Compliance, Related documents, Policy contact
3. Identify the second policy you selected and document whether it contains the following elements: Policy statement, Rationale, Who is affected by the policy, Definitions, Roles and responsibilities, Compliance, Related documents, Policy contact
4. Which policy was more complete or informative? Why?
5. As an end-user, which policy was easier to understand? Why?

6.For the first policy, what are your responsibilities for following the policy?

7.For the second policy, what are your responsibilities for following the policy?

8. You have been hired as an information security analyst at a small company called Astounding Appliances. Your manager asks you to help her create an information security training and awareness policy. The primary goal of the policy is to keep employees from responding to phishing attempts and other internet scams. Any policy that is created will have to be reviewed by legal counsel and other company stakeholders, so it is not important to get the language exactly right for the first draft. What is important, however, is to outline all of the main parts of the policy. Your manager wants you to prepare the first draft of the outline using the common policy elements headings.Create an outline of an information security training and awareness policy.