Page 203 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
tasks and to comply with the security policy, can begin. All new employees require some level of training so they will be able to comply with all standards, guidelines, and procedures mandated by the security policy. Education is a more detailed endeavor in which students/users learn much more than they actually need to know to perform their work tasks. Education is most often associated with users pursuing certification or seeking job promotion.

Understand how to manage the security function. To manage the security function, an organization must implement proper and sufficient security governance. The act of performing a risk assessment to drive the security policy is the clearest and most direct example of management of the security function. This also relates to budget, metrics, resources, information security strategies, and assessing the completeness and effectiveness of the security program.

Know the six steps of the risk management framework. The six steps of the risk management framework are: Categorize, Select, Implement, Assess, Authorize, and Monitor.