GV.OV-01:

Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction

Measure how well the risk management strategy and risk results have helped leaders make decisions and achieve organizational objectives

Examine whether cybersecurity risk strategies that impede operations or innovation should be adjusted