This phase will help establish the foundations of the risk environment that will create a successful risk management program. This phase will take you through the following activities:
- Define the risk executive and responsibilities in a RACI document.
- Establish the information security risk tolerance level.
Use this phase as part of the full blueprint, Develop and Implement a Security Risk Management Program.