Organisational stakeholders from appropriate operations and business functions participate in the analysis of higher priority cyber risks
Context and Guidance: Organisational stakeholders from appropriate areas of the organisation are necessary for comprehensive analysis of prioritized cyber risk categories and cyber risks. Specific stakeholders may be more appropriate for analysing certain cyber risks or cyber risk categories and provide insight that cannot be gained from others in the organisation. Additionally, stakeholders from various parts of the organisation will provide different perspectives that will help gain a full understanding of risks and potential mitigations.
Related Practices • Input From: Implementing RISK-3a provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RISK-3c, RISK-3d, RISK-3e.