Lookout mobile security company develops the Mobile Risk Matrix for looking at the spectrum of mobile security risks for your enterprise and to help in developing a comprehensive strategy. I think this basic framework could be extended to other areas, besides mobile.
The author and RAND researchers recently wrote a paper detailing their findings on how cyber insurers understand and price risk.
This article has some very good insights regarding what board members say they want and what they are getting from CISOs. They still tend to be skeptical of risk presented as loss predictions in dollars. Storytelling still has an important role to play.