|
Content Assessment: New from NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)
Information - 95%
Insight - 95%
Relevance - 90%
Objectivity - 100%
Authority - 100%
96%
Excellent
A short percentage-based assessment of the qualitative benefit of the newly published report from NIST on the integration of cybersecurity and enterprise risk management.
Editor’s Note: According to NIST, this new report is intended to help improve communications (including risk information sharing) between and among cybersecurity professionals, high-level executives, and corporate officers at multiple levels. The goal is to assist personnel in these enterprises and their subordinate organizations as well as systems owners to better identify, assess, and manage cybersecurity risks in the context of their broader mission and business objectives. This report will also help cybersecurity professionals understand what executives and corporate officers need to carry out enterprise risk management (ERM).
Integrating Cybersecurity and Enterprise Risk Management (ERM)
A New Report by Kevin Stine (NIST), Stephen Quinn (NIST), Gregory Witte (Huntington Ingalls Industries), and Robert Gardner (New World Technology Partners)
Announcement
All enterprises should ensure cybersecurity risk gets the appropriate attention within their enterprise risk management (ERM) programs, which address all types of risk. Individual organizations within an enterprise can improve the cybersecurity risk information they provide as inputs to their enterprise’s ERM processes. By doing so, enterprises and their component organizations can better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives.
NIST is releasing NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes a greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.
Abstract
The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise improve their cybersecurity risk information, which they provide as inputs to their enterprise’s ERM processes through communications and risk information sharing. By doing so, enterprises and their component organizations can better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives. Focusing on the use of risk registers to set out cybersecurity risk, this document explains the value of rolling up measures of risk usually addressed at lower system and organization levels to the broader enterprise level.
Read the complete overview at Integrating Cybersecurity and Enterprise Risk Management (ERM)
[New Report] Integrating Cybersecurity and Enterprise Risk Management (PDF)
NIST.IR.8286Additional Reading
- The Intersection of International Law and Cyber Operations: An Interactive Cyber Law Toolkit
- Estonia and the United States to Build a Joint Cyber Threat Intelligence Platform
Source: ComplexDiscovery