GV.SC-03.078

Has your organization formally identified and documented areas of alignment and overlap between cybersecurity and enterprise risk management frameworks?

Explanation

This question assesses whether the organization has systematically analyzed how cybersecurity risks integrate with broader enterprise risk management (ERM) processes. Identifying these alignments helps ensure cybersecurity risks are properly considered within the organization's overall risk appetite and management approach, rather than being treated in isolation. Evidence could include a mapping document or matrix that shows how cybersecurity risk categories correspond to enterprise risk categories, shared risk assessment methodologies, or documentation showing how cybersecurity metrics and KPIs feed into enterprise risk reporting structures.

Implementation Example

Identify areas of alignment and overlap with cybersecurity and enterprise risk management

ID: GV.SC-03.078

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub