(1) The methods and processes used by an organization to manage risks in order to establish the trust necessary to support company goals and objectives. The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. Retrieved from CNSSI 4009-2015. https://csrc.nist.gov/glossary
(2) A program implemented, reviewed, and maintained by an organization’s Executive Board (if applicable) and senior management to govern the relevant factors of risk to the organization. These risk factors can include, but are not limited to, the following: strategic risks; financial risks; operational risks; compliance risks; IT and infrastructure risks; and reputational risks.