A Draft Report by Kevin Stine (NIST), Stephen Quinn (NIST), Gregory Witte (Huntington Ingalls Industries), Karen Scarfone (Scarfone Cybersecurity), and Robert Gardner (New World Technology Partners)

Integrating Cybersecurity and Enterprise Risk Management (ERM)

Announcement

All enterprises should ensure cybersecurity risk gets the appropriate attention within their enterprise risk management (ERM) programs, which address all types of risk. Individual organizations within an enterprise can improve the cybersecurity risk information they provide as inputs to their enterprise’s ERM processes. By doing so, enterprises and their component organizations can better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives.

NIST is releasing Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), for public comment. This report promotes a greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.

Abstract

The increasing frequency, creativity, and variety of cybersecurity attacks mean that all enterprises should ensure cybersecurity risk is getting the appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise improve their cybersecurity risk information, which they provide as inputs to their enterprise’s ERM processes through communications and risk information sharing. By doing so, enterprises and their component organizations can better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives. Focusing on the use of risk registers to set out cybersecurity risk, this document explains the value of rolling up measures of risk usually addressed at lower system and organization levels to the broader enterprise level.

Read the complete overview at Integrating Cybersecurity and Enterprise Risk Management (ERM)

[Draft Report] Integrating Cybersecurity and Enterprise Risk Management (PDF) 

NIST.IR.8286-draft

Additional Reading

Source: ComplexDiscovery

The post New from NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM) appeared first on ComplexDiscovery.