Determine quantitative or qualitative indicators to measure the impact and likelihood of occurrence of weaknesses and threats. Establish qualitative and quantitative measures to achieve set metrics, key performance indicators (KPI), and key risk indicators (KRI). Review the risk inventory and information register of risks from other areas. Define ICT and information security objectives. Update ICT security policies and guidelines, as well as processes and procedures, particularly during significant changes in the cyber threat landscape. Measure/ monitor the implementation of security policies and guidelines. Manage and monitor the ICT risk. Monitor the accurate identification and classification of ICT-supported business functions and ICT assets according to the established ICT risk management framework. Implement communication channels between organizational units.