GV.RM-04:

Implementation Examples

Ex1:

Specify criteria for accepting and avoiding cybersecurity risk for various classifications of data

Ex2:

Determine whether to purchase cybersecurity insurance

Ex3:

Document conditions under which shared responsibility models are acceptable (e.g., outsourcing certain cybersecurity functions, having a third party perform financial transactions on behalf of the organization, using public cloud-based services)