ISO 27001 & NIST
You need an established Framework: ISO 27001 or NIST. Understand the repercussions of not having a framework and how you can get started.
Learn the NIST Risk Management Framework
Know the seven steps for successful execution of the NIST Risk Management Framework, NIST Cybersecurity Framework or NIST 800-53.