A cyber domain integrates and supports critical infrastructures, global economic prosperity, public health and safety, and national security. The U.S., EU and other governments are calling for a strengthened position against cyber attacks. Viruses, Trojan horses, denial of service attacks, and other methods can compromise sensitive data and disrupt critical services. Toward this end, President Obama’s Executive Order 13636 calls for adopting and implementing risk-based standards to identify high-risk infrastructure and select alternatives for cyber risk mitigation. What does it mean for a standard to be “risk-based”?  Risk is traditionally defined as a triplet consisting of what can go wrong, how likely it is to happen, and the consequences of it happening. However, traditional approaches to risk analysis are insufficient given the rapid pace of evolution and the unprecedented uncertainty inherent in cyber threats. This symposium brings together government officials and technology industry representatives responsible for standard development and scientists studying risk-based standards. The dynamic nature of cyber risks requires semi-quantitative methods that integrate technical data and value judgments. Moreover, continuous assimilation of new information and monitoring of changing stakeholder priorities and adversarial capabilities through adaptive management are required for successful implementation of a cybersecurity framework.