5.1 Governance5.2 Organizational context5.2.1 Understanding the differences between mission, vision, and values5.2.2 Strategic objectives5.2.3 Organizational metrics5.2.4 Organizational metrics exercise5.3 Risk management strategy5.3.1 Risk mitigation5.3.2 Risk management metrics5.3.3 Risk management metrics exercise5.4 Roles, responsibilities, and authorities5.4.1 Roles, responsibilities, and authorities metrics5.4.2 Roles and responsibilities metrics exercise5.5 Policy, processes, and procedures5.5.1 Policy, processes, and procedures metrics5.5.2 Policy, processes, and procedures metrics exercise5.6 Oversight5.6.1 Governance structure5.6.2 Simulated governance structure5.6.3 Governance exercise5.6.4 Oversight metrics5.6.5 Oversight metrics exercise5.7 Cybersecurity supply chain risk management5.7.1 Supply chain risk management practices5.7.2 Cybersecurity supply chain risk management metrics5.7.3 Supply chain risk management metrics exercise5.8 Governance metrics5.9 Answer to exercise 5.6.3