3 — Cyber Risk Management
37 requirements in the Cyber Risk Management element
3 Elements of Cyber Risk Management
3.1 Cyber Risk Management Definition
3.2 Goal of Maritime Cyber Risk Management
3.3 Senior Management Responsibility
3.4 Risk-Based Approach to Cyber Resilience
3.5 Functional Elements of Cyber Risk Management
3.5.1 Govern
3.5.1.1 Designate Cybersecurity Accountability
3.5.1.2 Cybersecurity Authority and Expertise
3.5.2 Identify
3.5.2.1 Identify Critical Systems and Assets
3.5.2.2 Digital Systems Inventory
3.5.2.3 Cyber Risk Assessment
3.5.3 Protect
3.5.3.1 User Access Credential Management
3.5.3.2 Password and Authentication Controls
3.5.3.3 Network Security and Segmentation
3.5.3.4 Internet and Intranet Security Measures
3.5.3.5 Removable Media Controls
3.5.3.6 Cybersecurity Training and Awareness
3.5.3.7 System Backups and Incident Response Planning
3.5.3.8 Supply Chain Security Policies
3.5.3.9 Cybersecurity Effectiveness Assessment
3.5.4 Detect
3.5.4.1 Threat Monitoring
3.5.4.2 Cyber Incident Detection Training
3.5.5 Respond
3.5.5.1 Incident Reporting
3.5.5.2 Incident Record Keeping
3.5.5.3 Cyber Incident Response Training
3.5.6 Recover
3.5.6.1 Recovery Strategy Development
3.5.6.2 Cyber Incident Recovery Training
3.5.6.3 Root Cause Analysis
3.6 Document Protection for Functional Elements
3.7 Cyber Risk Awareness at All Levels
3.8 Cyber Resilient Equipment and Systems