|
GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained
|
http://cyfun.data.gift/data/nist_subcategory_GV_RM_02
|
5 |
|
GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained
|
http://cyfun.data.gift/data/subcategory_GV.RM-02
|
15 |
|
GV.RM-03.1: As part of the organisation-wide risk management strategy, a comprehensive strategy to manage information and cybersecurity risks shall be developed and updated when changes occur.
|
http://cyfun.data.gift/data/requirement_GV_RM_03_1
|
21 |
|
GV.RM-03.2: Information and Cybersecurity risks shall be documented, as part of the enterprise risk management processes, formally approved by senior management, and updated when changes occur.
|
http://cyfun.data.gift/data/requirement_GV_RM_03_2
|
22 |
|
GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes
|
http://cyfun.data.gift/data/nist_subcategory_GV_RM_03
|
5 |
|
GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes
|
http://cyfun.data.gift/data/subcategory_GV.RM-03
|
19 |
|
GV.RM-04.1: A high-level plan or vision shall be formally established and clearly communicated to everyone involved on how to manage risks, including the different strategies the organisation can employ to deal with identified risks based on risk appetite or risk tolerance level.
|
http://cyfun.data.gift/data/requirement_GV_RM_04_1
|
19 |
|
GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated
|
http://cyfun.data.gift/data/nist_subcategory_GV_RM_04
|
5 |
|
GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated
|
http://cyfun.data.gift/data/subcategory_GV.RM-04
|
15 |
|
GV.RM-05.1: To support the high-level risk management vision, the organisation shall establish clear lines of communication for cybersecurity risks, including those arising from suppliers and third parties.
|
http://cyfun.data.gift/data/requirement_GV_RM_05_1
|
19 |
|
GV.RM-05: Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties
|
http://cyfun.data.gift/data/nist_subcategory_GV_RM_05
|
5 |
|
GV.RM-05: Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties
|
http://cyfun.data.gift/data/subcategory_GV.RM-05
|
15 |