Covers the development of organizational security policy, risk assessment methods, and compliance with common security frameworks.