Nist 800 33

(i) framing risk (ii) assessing risk (iii) responding to risk (iv) monitoring risk.

describing the environment in which risk-based decisions are made.

The second component of risk management addresses how organizations (_________) risk within the context of the organizational risk frame.

The third component of risk management addresses how organizations (_______) to risk once that risk is determined based on the results of a risk assessment.

The purpose of the (_________) component is to: (i) determine the ongoing effectiveness of risk responses (consistent with the organizational risk frame); (ii) identify risk-impacting changes to organizational information systems and the environments in which the systems operate; and (iii) verify that planned risk responses are implemented and information security requirements derived from and traceable to organizational missions/business functions, federal legislation, directives, regulations, policies, standards, and guidelines are satisfied.