Consider Appendix A: Framework Core Links to an external site. in Framework for Improving Critical Infrastructure Cybersecurity and its approach to identify, protect, detect, respond to, and recover from cybersecurity incidents. A key category within NIST's Identify function is Risk Management Strategy (ID.RM) and its three subcategories that should be addressed in a company's successful risk management strategy: ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders. ID.RM-2: Organizational risk tolerance is determined and clearly expressed. ID.RM-3: The organization's determination of risk tolerance is informed by its role in critical infrastructure and sector-specific risk analysis