Mechanisms exist to define business processes with consideration for cybersecurity & data privacy that determines:
- The resulting risk to organizational operations, assets, individuals and other organizations; and
- Information protection needs arising from the defined business processes and revises the processes as necessary, until an achievable set of protection needs is obtained.
Does the organization define business processes with consideration for cybersecurity & data privacy that determines:
- The resulting risk to organizational operations, assets, individuals and other organizations; and
- Information protection needs arising from the defined business processes and revises the processes as necessary, until an achievable set of protection needs is obtained?