Identify and elaborate on the five areas users should have an understanding of when an organization is attempting to manage risk.

What will be an ideal response?

To mitigate the risk users pose to an organization, training users is a critical piece of managing risk. While a formal course is preferred, it's up to the IT department to do what it can to make sure users have an understanding of the following:
•         Security policies - Users need to read, understand, and, when necessary, sign all pertinent security policies.
•         Passwords - Make sure users understand basic password skills, such as sufficient length and complexity, refreshing passwords regularly, and password control.
•         System and workplace security - Make sure users understand how to keep their workstations secure through screen locking and not storing written passwords in plain sight.
•         Social engineering - Users need to recognize typical social-engineering tactics and know how to counter them.
•         Malware - Teach users to recognize malware attacks and train them to deal with them.