top of page

Principle 1

RISK-INFORMED SYSTEM

Define a Risk Assessment Framework and Methodology

< Back To Framework

A risk framework and methodology must be defined and executed on to identify, assess, and measure cyber risk within the organizational context.

SEC Regulation S–K Item 106(b)—Risk Management and Strategy

2023 NACD Director’s Handbook on Cyber-Risk Oversight Principle 1, 4, 5

Draft NIST CSF 2.0 GV.RM, ID.RA

ISO/IEC 27001:2022 6.1.2, 6.1.3

2017 AICPA CRMP Description Criteria DC11

ISO 31000:2018 6.1

bottom of page