Business priorities can change with a moment’s notice. As such, firms require agility not only in their business processes, but also in the risk and compliance systems that support them. 

There is general agreement within the industry on the aims and requirements for cyber security risk management, however the practical implementations of risk-based approaches often fall below the standard that is likely to be required by regulators. This paper describes how you can implement and show evidence of, a truly risk-based approach to cyber security.