diff --git a/1-security/README.md b/1-security/README.md index ab8a1c30a391a43d0c97886dd28ebf2c65a411ba..bfec1a387797f808118964561c2d20db5d73f77e 100644 --- a/1-security/README.md +++ b/1-security/README.md 
@@ -4,3 +4,66 @@ >**TODO** user is admin of virtual machines... etc. ## SSH keys + +## Pre-runtime measures +### Endorsed images +endorsements for virtual machine images implemented directly, as cryptographically signed hashes, indirectly, based on verbal agreements only virtual machine instances based on endorsed images are allowed to have public IP addresses modified and subsequently saved images are no longer considered to be endorsed by the original endorser + +##Trusted users +trusted users defined as users with high-level identity verification or explicit endorsement from other trusted users or site managers. Only trusted users have access to pools of public IP addresses + +##Restricted remote access to running virtual machines +only the following combinations of access methods and authentication methods are allowed +SSH with public key authentication +SSH with GSS API authentication + +##Encrypted RDP/VNC +password-based remote authentication methods are not allowed (e.g. SSH with a plain password) +Automated pre-runtime compliance testing +all virtual machine images and virtual machine instances based on said images must be tested for explicit compliance with the defined security profile (Cloud_Security_Policy#Security_Profile) +only compliant images and virtual machine instances based on said images can +be published (made available to other users) +be assigned public IP addresses +be launched outside isolated private networks + +##Runtime measures +* Networking isolation for L2 +* running virtual machine instance will be isolated in a VLAN if the image of the instance is based on is not endorsed by a trusted user +it does not belong to a trusted user +it is running OS Windows +its owner chooses to isolate it + +##Networking isolation for L3 +running virtual machine instance will be isolated using firewall if +it has a public IP address +its owner chooses to isolate it in a private network + +##IP logging +* every IP address given to a virtual machine 
instance will be tied to its owner for the duration of its lifetime (i.e. until shutdown) +owner of the virtual machine instance is responsible for any illegal activity during its lifetime +* Anti-spoofing rules for networking +network addresses assigned to a virtual machine instance by the cloud platform are mandatory and cannot be changed by the owner at runtime. Anti-spoofing rules are enforced by the hypervisor or local network infrastructure +an attempt to change the assigned network addresses will immediately cut off the virtual machine instance from any subsequent network communication + +##Automated runtime compliance testing +All running virtual machine instances are periodically tested for compliance with the defined security profile (Cloud_Security_Policy#Security_Profile) +repeated or long-running non-compliance will result in an immediate forced shutdown of the given instance + +##Automated configuration changes in virtual machines +all virtual machine images must support contextualization to the following extent +* boot-time injection of a public key for the root user (where applicable) +* boot-time change of the RDP/VNC credentials (where applicable) +* Post-runtime measures + +##Extraction of virtual machine logs +At the end of its lifetime (i.e. after shutdown), the contents of /var/log from the root file system of every virtual machine instance will be archived + +##Extraction of timestamps +At the end of its lifetime (i.e. after shutdown), timestamps from the root file system of every virtual machine instance will be archived + +##Security Profile +TBD + +##Incident Response +whenever possible follow general procedures stipulated by CESNET and EGI +close cooperation with CSIRT security teams diff --git a/8-faq/README.md b/8-faq/README.md index 554f7bdbbc7e40a895eb50e77c08ee181022174f..52465c4bf9ac7e134eb51e2b4224b1b055b5e156 100644 --- a/8-faq/README.md +++ b/8-faq/README.md 
@@ -1 +1,18 @@ # Frequently asked questions + +## I want to use OpenStack. How do I register? + +First thing you need to do is to sign up at MetaCenter and create an account. Use this [link](https://perun.metacentrum.cz/fed/registrar/?vo=meta&group=metacloud). + +## I have an issue with OpenStack. Where do I report it? + +First try to search the guide and see if you can find an answer to your problem in there. If all else fails, you can open a ticket with user support. To do so, click on your project name in the upper right corner and hit "Help". +You will be redirected to your e-mail client and you can send your request to [helpdesk@ics.muni.cz](mailto:helpdesk@ics.muni.cz). + + -TODO prokonzultovat obvykle use casy- Here is a list of typical use cases our support team can help you with: + * Your VM is crashing / stuck in a boot loop / cannot spin up / ... + * You cannot log on to your VM. + * You need to reassign your project to another user as an owner. + * Your networking is faulty. + +## diff --git a/README.md b/README.md index 3e01bdea8cb01b96b863dd94b03d6ce25f24578e..0ffb2176c912a66af5cdd38e0c977bb3b611ef6d 100644 --- a/README.md +++ b/README.md 
@@ -17,3 +17,18 @@ https://docs.openstack.org/rocky/) ## Terms and Conditions The service is provided for free to Masaryk University employees and workgroups. The service includes creation of a virtual server on the OpenStack platform. The service does NOT include installation and management of an operation system or server applications. You may contact the service desk which will help you find a qualified administrator for your endeavour, if your skills are limited. + +The membership in MetaCentre is allowed without any restrictions only to persons from academic environment of the Czech republic with research objectives. In a case of interest from commercial company (i.e. its research part), it is necessary to consult your interest and its possible fulfillment. As the MetaCentre user you are allowed to use currently available computational resources for your research aims and projects. As a MetaCentre employee your membership brings you access to resources, information and materials necessary for your work. + +By submitting an application you also accept the following rules which had to be checked in MetaCentrum end user statement before application submission. Using MetaVO is free of charge but these rules are obligatory and they should be observed as their violation can lead to termination of your MetaCentre membership. 
+ + +[MetaCentrum end user statement](https://www.metacentrum.cz/en/about/rules/index.html) +[NGI MetaCentrum Usage Rules](https://www.metacentrum.cz/en/about/rules/index.html) +[Appreciation formula / Acknowlegement in publications](https://wiki.metacentrum.cz/wiki/Usage_rules/Acknowledgement) +[Account validity](https://wiki.metacentrum.cz/wiki/Usage_rules/Account) +[Annual report](https://wiki.metacentrum.cz/wiki/MetaCentrum_Annual_Report_%E2%88%92_Author_Instructions) +[Terms and conditions for the access to the CESNET e-infrastructure](https://www.cesnet.cz/conditions/?lang=en) + + +At the end of each year, the system will ask you to prolong your account. You will be asked to fill out your MetaCentre usage description, description of achieved results and a list of publications for the last year. diff --git a/book.json b/book.json index 4d0ea8370f425141bd795010228830872736bd86..eed1f436ff415e4f74cc2d83e0bb00fb5d415ba7 100644 --- a/book.json +++ b/book.json @@ -25,9 +25,6 @@ "success": "fa fa-check-circle", "danger": "fa fa-exclamation-triangle", "warning": "fa fa-exclamation-circle" - }, - "layout": { - "footerPath" : "layouts/footer.html" - } + } } }
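Review bot: In the 1-security/README.md hunk, both "Automated pre-runtime compliance testing" and "Automated runtime compliance testing" define compliance against `Cloud_Security_Policy#Security_Profile`, and the runtime section mandates "an immediate forced shutdown" on non-compliance, yet the "Security Profile" section added in the same hunk reads "TBD"; until the profile exists neither test nor the shutdown sanction can be implemented or reviewed, so either fill in the profile or mark the two testing sections as pending alongside the existing `>**TODO**`. The section structure also needs fixing: the new headings are written as `##Trusted users`, `##Encrypted RDP/VNC` and so on without the space that the existing `## SSH keys` heading uses (and that CommonMark requires), `Encrypted RDP/VNC` is marked as a heading although it is the third entry in the list of allowed access methods ("SSH with public key authentication", "SSH with GSS API authentication"), while "Automated pre-runtime compliance testing" has no heading marker and "Post-runtime measures" appears as a bullet (`* Post-runtime measures`) under the contextualization list instead of as a section heading. Finally, "Extraction of virtual machine logs" archives `/var/log` from the root file system of "every virtual machine instance", but the same hunk explicitly covers instances "running OS Windows"; qualify this with "where applicable" as the contextualization bullets already do, or state what is archived for non-Linux guests.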
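Review bot: In the 8-faq/README.md hunk, the line `-TODO prokonzultovat obvykle use casy-` (Czech for "TODO: consult the usual use cases") is an author note left in user-facing FAQ text and should be resolved or removed before merge; the hunk also ends with an empty `##` heading that will render as a stray heading. Minor: "log on to your VM" and "reassign your project to another user as an owner" read awkwardly; "log in to your VM" and "transfer ownership of your project to another user" would be clearer.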
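Review bot: In the README.md hunk, the links `[MetaCentrum end user statement]` and `[NGI MetaCentrum Usage Rules]` both point to the same URL, https://www.metacentrum.cz/en/about/rules/index.html, so one of the two targets is almost certainly wrong; please verify and correct it. The same hunk has the typo "Acknowlegement" (should be "Acknowledgement") in the link text, uses "MetaCentre" and "MetaCentrum" interchangeably for the same organisation, and the sentence "the following rules which had to be checked in MetaCentrum end user statement before application submission" should read "which must be accepted in the MetaCentrum end user statement before submitting the application".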
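Review bot: In the book.json hunk, the `"layout": { "footerPath": "layouts/footer.html" }` entry is dropped but the diff does not remove `layouts/footer.html` or say why the footer is no longer wanted; either delete the now-unreferenced template in the same change or, if the file was already missing and this fixes the build, note that in the commit message. The trailing-comma adjustment (`- },` to `+ }`) keeps the JSON valid, which is correct.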