GV.OV-03:
Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed
Implementation Examples
Ex1:
Review key performance indicators (KPIs) to ensure that organization-wide policies and procedures achieve objectives
Ex2:
Review key risk indicators (KRIs) to identify risks the organization faces, including likelihood and potential impact
Ex3:
Collect and communicate metrics on cybersecurity risk management with senior leadership