. . "organizations to measure and manage the risk posed by the IT systems, suppliers, sites and other key assets and processes on which they depend, using a methodology that" . . . . .