work tasks.

               An assessment of the appropriate levels of awareness, training, and
               education required within the organization should be revised on a

               regular basis using periodic content reviews. Training efforts need to
               be updated and tuned as the organization evolves over time.
               Additionally, new bold and subtle means of awareness should be
               implemented as well to keep the content fresh and relevant. Without
               periodic reviews for content relevancy, materials will become stale and

               workers will likely resort to making up their own guidelines and
               procedures. It is the responsibility of the security governance team to
               establish security rules as well as provide training and education to
               further the implementation of those rules.