# Risk Prioritization
[[Risk Prioritization]] is a [[Control Verification]] capability. This process involves identifying and prioritizing risk based on adversary interest and exploitability. This facilitates a targeted mitigation approach and allows organizations to allocate resources where they would be most effective.
## Map
``` mermaid <!-- element style="width:90%; height:auto" -->
graph TD
Top[[Cybersecurity]] --- D[[Control Verification]]
D --- D.1[[Attack Surface Enumeration]]
D --- D.2[[Resilience Testing]]
D --- D.3[[Risk Prioritization]]
D --- D.4[[Remediation Management]]
D --- D.5[[Assurance Reporting]]
%% Class Definitions
%% =====================
class Top,A,A.1,A.2,A.2,A.3,A.4,A.5,A.6,B,B.1,B.2,B.3,B.4,B.5,C,C.1,C.2,C.3,C.4,D,D.1,D.2,D.3,D.4,D.5,E,E.1,E.2,E.3,E.4,E.5,E.6 internal-link,font-color:white;
class Top cssClassL0;
classDef cssClassL0 fill:black,stroke:black,stroke-width:4px,font-size:15px,font-color:white;
class A,B,C,D,E cssClassL1;
classDef cssClassL1 fill:darkblue,stroke:darkblue,stroke-width:4px,font-size:15px,font-color:white;
class A.1,A.3,A.4,A.5,A.6,B.1,B.2,B.3,B.4,B.5,C.1,C.2,C.3,C.4,D.1,D.2,D.3,D.4,D.5,E.1,E.2,E.3,E.4,E.5,E.6 cssClassL2;
classDef cssClassL2 fill:blue,stroke:blue,stroke-width:4px,font-size:15px,font-color:white;
class D.3 cssClassCurrent;
classDef cssClassCurrent fill:#2f9503,stroke:#2f9503,stroke-width:4px,font-size:15px,font-color:white;
```
## Definition
Risk prioritization is the process of identifying and prioritizing risk so that resources are used efficiently and potential threats are mitigated in time, safeguarding the organization’s overall stability and success.
## Goals
>[!cm-goal] Goal 1
> **Efficient Resource Allocation** - Direct resources towards managing the most significant risks.

>[!cm-goal] Goal 2
> **Timely Mitigation** - Address the most critical risks promptly to prevent or reduce their impact on the organization.

>[!cm-goal] Goal 3
> **Enhanced Decision-Making** - Provide a clear basis for making informed decisions.

>[!cm-goal] Goal 4
> **Improved Risk Management** - Increase the overall effectiveness of the organization’s risk management processes.

>[!cm-goal] Goal 5
> **Organizational Resilience** - Strengthen the organization’s ability to withstand and recover from adversary attacks.

>[!cm-goal] Goal 6
> **Cost Savings** - Reduce potential losses and avoid unnecessary expenditures by targeting the assets with the most adversary interest.

>[!cm-goal] Goal 7
> **Compliance and Governance** - Ensure the organization meets regulatory requirements and adheres to best practices in risk management.

## Scope
## Process
## Metrics
>[!cm-metric] Metric: % of Assets that remain exploitable after Resilience Testing
## Inspiration & Resources
[Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.