diff --git a/module002-ch004-security-in-neutron.xml b/module002-ch004-security-in-neutron.xml index c8f16951..672d2df0 100644 --- a/module002-ch004-security-in-neutron.xml +++ b/module002-ch004-security-in-neutron.xml @@ -6,7 +6,7 @@ xml:id="module002-ch004-security-in-neutron"> Security in Neutron Security Groups - Security groups and security group rules allows + Security groups and security group rules allow administrators and tenants the ability to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port. A security group is a container @@ -15,8 +15,8 @@ associated with a security group. If a security group is not specified the port will be associated with a 'default' security group. By default this group will drop all - ingress traffic and allow all egress. Rules can be added - to this group in order to change the behaviour. + ingress traffic and allow all egress traffic. Rules can be added + to this group in order to change this behaviour. If one desires to use the OpenStack Compute security group APIs and/or have OpenStack Compute orchestrate the creation of new ports for instances on specific security 
@@ -24,15 +24,15 @@ this, one must configure the following file /etc/nova/nova.conf and set the config option security_group_api=neutron on every node running - nova-compute and nova-api. After this change is made + nova-compute and nova-api. After this change is made, restart nova-api and nova-compute in order to pick up this - change. After this change is made one will be able to use + change. After this change is made, the user will be able to use both the OpenStack Compute and OpenStack Network security group API at the same time. Authentication and Authorization OpenStack Networking uses the OpenStack Identity service (project name keystone) as the default authentication - service. When OpenStack Identity is enabled Users + service. When OpenStack Identity is enabled, users submitting requests to the OpenStack Networking service must provide an authentication token in X-Auth-Token request header. The aforementioned token should have been @@ -54,7 +54,7 @@ Operation-based: policies specify access criteria for specific operations, possibly with fine-grained control over - specific attributes; + specific attributes.
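Review bot: in the first hunk (@@ -6,7), the corrected line still reads "allow administrators and tenants the ability to specify", which mixes two constructions. Fixing the verb agreement alone leaves that in place; suggest either "give administrators and tenants the ability to specify" or "allow administrators and tenants to specify".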
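Review bot: in the second hunk (@@ -15,8), the context sentence "If a security group is not specified the port will be associated with a 'default' security group" is left without a comma after its introductory clause, while the later hunks of this patch add exactly that comma ("After this change is made,", "When OpenStack Identity is enabled,"). Suggest adding it after "specified" here, and after "By default" in the line that follows, so the paragraph is punctuated consistently with the rest of the change.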
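Review bot: in the third hunk (@@ -24,15), "After this change is made," now opens two consecutive sentences, and "this change" appears three times within three lines. Suggest merging them, for example "After setting this option, restart nova-api and nova-compute. Both security group APIs can then be used at the same time." Two smaller points in the same hunk: the patch switches to "the user" while "one must configure" remains in the sentence just above, and "in X-Auth-Token request header" is missing "the". The paragraph also says "OpenStack Network security group API" where the next paragraph says "OpenStack Networking"; pick one name.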
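Review bot: in the last hunk (@@ -54,7), the "Operation-based:" entry originally ended in a semicolon, which suggests it is one item in a list whose next entry is not visible in this hunk. Changing only this item to a period may leave the list with mixed terminators; please confirm the sibling entries and update them in the same patch if they still end in semicolons.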