Governing Cyber at Scale: Executive Frameworks for Complex, Regulated Enterprises
This document outlines executive frameworks for cybersecurity governance in complex, regulated enterprises, emphasizing decision rights, risk appetite, operating models, board oversight, regulatory compliance, risk quantification (FAIR), the Three Lines Model, and managing third-party/cloud risks for operational resilience.