The circumstances — mission, stakeholder expectations, and legal, regulatory, and contractual requirements — surrounding the organization’s cybersecurity risk management decisions are understood.
GV.OC-05: Outcomes, capabilities, and services that the organization depends on are determined and communicated Implementation Examples Example 1: Create …
GV.OC-04: Critical objectives, capabilities, and services that stakeholders depend on or expect from the organization are determined and …
GV.OC-04: Do you know and share what stakeholders expect from the organization ? Read more »
GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity – including privacy and civil liberties obligations – are understood …
GV.OC-03: How to manage legal, regulatory, and cybersecurity obligations ? Read more »
GV.OC-02: Internal and external stakeholders are determined, and their needs and expectations regarding cybersecurity risk management are understood. …
GV.OC-02: How to determine stakeholders for cybersecurity risk management ? Read more »
GV.OC-01: The organizational mission is understood and informs cybersecurity risk management. Example 1: Share the organization’s mission (e.g., …
