Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.