This document enumerates and evaluates consensus data categories that enterprise risk owners and insurers could use to assess risks, identify effective controls, and improve cybersecurity culture and practice. (more available)