Deploy Securely • 157 implied HN points • 12 Jul 23
- Risk appetite is the baseline level of cybersecurity risk an organization is willing to accept.
- Risk appetite should be defined in fungible units like dollars or engineer-hours, not security-specific terms.
- Risk tolerance is the speed at which an organization must address risk above the established appetite to avoid compliance issues.