1. Confirm that cybersecurity risks, along with their mitigations, are identified and managed.