You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A stab was taken as part implementation guidance (see currently published catalog). But also in the primary data yaml file.
An organization will have a level of risk appetite. The exact values here might depend on that level of risk.
If there is transparency on the risk appetite, e.g. their choice of frequency and sampling period, then the catalog can have sufficient value. So if we decide to let this be set by the org then we're also agreeing that these "organizationally defined parameters" will be reported along with the metrics.
So our activity is to define some recommendation for these values given a "average" risk appetite. We'll insert that into the yaml but we are not yet committing to publishing that as part of the catalog.
The next update to the catalog must be clearer on this (such as reporting of these values) even if we don't yet expose these recommendations. This is a big update to section 3.2.
The text was updated successfully, but these errors were encountered:
team discussion 3/13
A stab was taken as part implementation guidance (see currently published catalog). But also in the primary data yaml file.
An organization will have a level of risk appetite. The exact values here might depend on that level of risk.
If there is transparency on the risk appetite, e.g. their choice of frequency and sampling period, then the catalog can have sufficient value. So if we decide to let this be set by the org then we're also agreeing that these "organizationally defined parameters" will be reported along with the metrics.
So our activity is to define some recommendation for these values given a "average" risk appetite. We'll insert that into the yaml but we are not yet committing to publishing that as part of the catalog.
The next update to the catalog must be clearer on this (such as reporting of these values) even if we don't yet expose these recommendations. This is a big update to section 3.2.
The text was updated successfully, but these errors were encountered: