What regulations do we need to comply with?

What assets are most important?

What controls do we need to implement?

What is adequate protection?

Government

Governance

Green

Gallagher

Random

Rating Framework

Risk Management

Recursive

Compliance

Complete

Calculated

Champion

Cost of the asset after depreciation

How much customer data is lost if security is breached

How many people would be disrupted if the asset was unavailable?

How important is this asset to the company's profits?

The board of investors represents the interests of shareholders in a company

The CEO is the highest role and does not report to anyone

The CFO means Chief Financial Officer and reports to the CEO

Some organizations only have a CISO. In this case, the CISO serves both CISO and CIO roles

Safety Operations Command

Security Officer in Charge

Safety Officer in Charge

Security Operations Center