Cybersecurity risk trends are changing rapidly, and companies need to proactively establish mechanisms to detect whether cyber risks affect the enterprise environment.

I will discuss the NISTIR 8286 ERM, COBIT 2019 framework, the concept of risk monitoring and risk response, and let the audience understand the use of Key Risk Indicator (KRI) and Key Performance Indicator (KPI) in information security risk management, so as to realize enterprise business goals.