GV.RM-07: Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions
Ex1: Define and communicate guidance and methods for identifying opportunities and including them in risk discussions (e.g., strengths, weaknesses, opportunities, and threats [SWOT] analysis)
Ex2: Identify stretch goals and document them
Ex3: Calculate, document, and prioritize positive risks alongside negative risks
Tier
Description
Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions