Information security uses administrative, technical (logical), and physical controls to mitigate risks related to organization’s assets.  A policy is an administrative control. If no policy exist in the IT department, research shows that employees will default to a defacto policy.  A defacto policy means a policy that is in effect ,but not formally recognize.  To stop this for happening, It is important for students to understand how to take the cloud best practices discussed throughout this course and use them to create a cloud security policy.  Cloud security fundamentals and mechanisms is a huge part of the cloud security policy.  For this assignment, read the attached article: “Our Journey to the Cloud”.  Use the   SANS email policy template SANS email policy template – Alternative Formats   to create a policy for the cloud.  Please note, the SANS policy is a template you can use to structure your policy.  If you are having trouble with the links above, these supporting documents can be found in the Cloud Policy Assignment Documents folder.