Sat. Jan 28th, 2023
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    pt flag
    ru flag
    es flag

    Content Assessment: New from NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)

    Information - 95%
    Insight - 95%
    Relevance - 90%
    Objectivity - 100%
    Authority - 100%

    96%

    Excellent

    A short percentage-based assessment of the qualitative benefit of the newly published report from NIST on the integration of cybersecurity and enterprise risk management.

    Editor’s Note: According to NIST, this new report is intended to help improve communications (including risk information sharing) between and among cybersecurity professionals, high-level executives, and corporate officers at multiple levels. The goal is to assist personnel in these enterprises and their subordinate organizations as well as systems owners to better identify, assess, and manage cybersecurity risks in the context of their broader mission and business objectives. This report will also help cybersecurity professionals understand what executives and corporate officers need to carry out enterprise risk management (ERM).

    Integrating Cybersecurity and Enterprise Risk Management (ERM)

    A New Report by Kevin Stine (NIST), Stephen Quinn (NIST), Gregory Witte (Huntington Ingalls Industries), and Robert Gardner (New World Technology Partners)

    Announcement

    All enterprises should ensure cybersecurity risk gets the appropriate attention within their enterprise risk management (ERM) programs, which address all types of risk. Individual organizations within an enterprise can improve the cybersecurity risk information they provide as inputs to their enterprise’s ERM processes. By doing so, enterprises and their component organizations can better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives.

    NIST is releasing NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes a greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.

    Abstract

    The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise improve their cybersecurity risk information, which they provide as inputs to their enterprise’s ERM processes through communications and risk information sharing. By doing so, enterprises and their component organizations can better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives. Focusing on the use of risk registers to set out cybersecurity risk, this document explains the value of rolling up measures of risk usually addressed at lower system and organization levels to the broader enterprise level.

    Read the complete overview at Integrating Cybersecurity and Enterprise Risk Management (ERM)


    [New Report] Integrating Cybersecurity and Enterprise Risk Management (PDF) 

    NIST.IR.8286

    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.