Cyber risk identification considers risks that may arise from or impact critical infrastructure or other interdependent organisations
Context and Guidance: Dependencies that exist between other critical infrastructure and interdependent organisations should be understood. If a utility service or other dependent service is not available for a significant duration, the organisation should have an understanding of how this would impact operations. For example, if a natural disaster is impacting an internet service provider's ability to provide internet services, risks that would stem from degraded communications between geographically dispersed organisational units and how it impacts the function should be considered and logged in the risk register.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RISK-2a, RISK-2b, RISK-2c, RISK-2g, RISK-2h, RISK-2i, RISK-2j, RISK-2k, RISK-2l, RISK-2m.