Stakeholders from appropriate operations and business areas participate in the identification of cyber risks
Context and Guidance: The involvement of stakeholders from various parts of the organisation is beneficial, because different perspectives from throughout the organisation will lead to more comprehensive identification of risks. Stakeholders from operational areas may have a better understanding of how a risk could impact an operational process, while stakeholders in a business area may have more visibility into the impact of a risk across services.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RISK-2a, RISK-2b, RISK-2c, RISK-2g, RISK-2h, RISK-2i, RISK-2j, RISK-2k, RISK-2l, RISK-2m.