The ability to quantify cyber risk and make informed decisions about cyber risk appetite will often be the difference between success and failure for modern enterprises. Organizations must now factor cyber into their risk appetite and explicitly define the level of cyber risk that they are willing to accept in context of their overall risk appetite. This paper will provide a foundation for organizations looking to better understand cyber risk including; a systematic process for defining and comprehensively categorizing sources of cyber risk, a description of key stakeholders and risk owners within the organization, and finally, outline the basics of how to think about calculating cyber risk appetite.