Cyberspace governance can take many forms. Three approaches to cybersecurity governance can be used to meet organizational needs: (1) a centralized approach, (2) a decentralized approach, or (3) a hybrid approach. The authority, responsibility, and decision making power related to cybersecurity and risk management differ in each governance approach. The appropriate governance structure for an organization varies based on many factors (e.g., mission and business processes, size of the organization, organizational operations, resources, and risk tolerance).