The fourth step in the Security Awareness Cycle is to identify solutions to mitigate the risks or to facilitate a behavioral change. This is where you need to decide how you want to handle the risks identified in the previous steps. These solutions would typically take shape as either a policy, procedure, or guideline. In some cases, however, it might even take shape as a hardware implementation or as a software deployment. Password Management software, for instance, is a prime example of a software solution that may be necessary in order to handle the high-risk behavior of storing passwords on Post-It® notes or digitally in clear-text within text files, unencrypted spreadsheets, or within Outlook itself as notes or contact entries.