GV.RM-06:

A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated

Implementation Examples

Ex1:

Establish criteria for using a quantitative approach to cybersecurity risk analysis, and specify probability and exposure formulas

Ex2:

Create and use templates (e.g., a risk register) to document cybersecurity risk information (e.g., risk description, exposure, treatment, and ownership)

Ex3:

Establish criteria for risk prioritization at the appropriate levels within the enterprise

Ex4:

Use a consistent list of risk categories to support integrating, aggregating, and comparing cybersecurity risks

GV.RM-06:

A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated

Implementation Examples

Ex1:

Ex2:

Ex3:

Ex4:

Peaches.Cloud

Quick Links

Contact

Support Our Research