InConsult’s Cyber Resilience Framework leans heavily on governance as its first and most fundamental element. Framework highlights the need for cyberresilience to be addressed as a board priority, not at the IT level. Formal risk assessments must be used, incorporating a range of factors including the value of information, existing control layers, and their effectiveness. The six stages are divided into pre-incident (detect, identity, protect) and post-incidents (refine, respond, recover) stages.”]