Strategically assessing and managing risk to prevent security attacks and minimize their impact through timely detection and response.

• Risk management programs adopted by units and reviewed by the Information Security Council
• Cyber incidents prevented or detected and responded to in a timely manner
• Managed supply chain risk
• Common framework to address regulatory and compliance obligations