December 2019
Intermediate to advanced
240 pages
4h 26m
English
The purpose of this aide-mémoire is to give you the assurance you need that your company is concentrating on its most significant cyber risks and that cybersecurity investments focus on reducing these risks. This starts by prioritizing your company’s most critical business activities and understanding how cyberattacks could cause risks to these activities. This information provides the basis for selecting controls and developing a plan for their deployment.
TABLE 11-1
Critical business activities and risks
| Risk Inquiry 1 | “What are the company’s most critical business activities, the benefits they provide, and the most significant business risks they face?” |
| Rationale | This question ... |