Identify
In the previous chapter, we learned about the Govern function and its importance for evaluating and communicating risk throughout the organization. We also highlighted the importance of having an enterprise risk register, cybersecurity supply chain risk management, and oversight. Gathering metrics around your cybersecurity program will not only highlight where you need resources but also evangelize those positive risks.
Identifying and removing risk from your environment is critical to the success of your program. Once a risk has been identified, you need a place to track it. A risk register can be used to track cyber risk in your organization. I recommend having a risk register per scoped environment. This keeps each register manageable and makes it quick to find a given risk. Once you have developed individual risk registers, generate an enterprise risk register or risk management dashboard. This dashboard will provide a way of highlighting the critical risks discovered...