Using the Internet and a browser, go to the International Information Systems Security Certifications Consortium Web site (www.isc2.org) and look for the information security common body of knowledge (CBK). What are the areas addressed in the CBK? Was policy explicitly listed? If not, where do you feel it is addressed in the CBK?