Risk-based cybersecurity

A framework for making decisions about managing the security risk. At a high level, it involves inventorying an organization’s cyber-assets, and using that information to make decisions and prioritize actions on the basis of the organization’s strategic goals. While not a progenitor of this framework, NIST (National Institute of Standards and Technology) has developed guidance on implementing this framework.

Source: Election Cybersecurity 101 Field Guide – Glossary, Center for Democracy & Technology, https://cdt.org/insight/election-cybersecurity-101-field-guide-glossary/