Risk Management Strategy (GV.RM):

The organization's priorities, constraints, risk tolerance and appetite statements, and assumptions are established, communicated, and used to support operational risk decisions

Subcategories

GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders

GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained

GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes

GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated

GV.RM-05: Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties

GV.RM-06: A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated

GV.RM-07: Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions