**4.3 Cyber risk analysis**

While cyber risk and cyber risk analysis were discussed in Section 3, it is important to remember that consequence-driven risk analysis is necessary to prioritize design requirements and risk treatments for those digital SSCs required to ensure reactor safety and the health and safety of the public. As in the CCE methodology, because resources are often limited, organizations should first ensure that the most stringent protections are placed around those critical functions that, if compromised or lost, could lead to unacceptable radiological consequences, sabotage, or theft of SNM.
