The Department of the Navy's Information Technology Magazine Notify Me of New Issue
Email this Article Email   

CHIPS Articles: Integrating Cybersecurity and Enterprise Risk Management: NISTIR 8286

Integrating Cybersecurity and Enterprise Risk Management: NISTIR 8286
By CHIPS Magazine - October 15, 2020
The National Institute of Standards and Technology released NIST Interagency Report (IR) 8286 to respond to the increasing frequency, creativity, and variety of cybersecurity attacks. NIST advises enterprises should ensure cybersecurity risk receives the appropriate attention along with other risk disciplines–legal, financial, and more – within their enterprise risk management (ERM) programs. NISTIR 8286 is intended to help cybersecurity risk management practitioners at all levels of the enterprise, in private and public sectors, to better understand and practice cybersecurity risk management within the context of ERM.

Through the use of an organizing construct of a risk register, enterprises and their component organizations can better identify, assess, communicate, and manage their cybersecurity risks in the context of their stated mission and business objectives using language and constructs already familiar to senior leaders.

NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.

Publication details for NISTIR 8286:
https://csrc.nist.gov/publications/detail/nistir/8286/final

Related publication: NISTIR 8170, Approaches for Federal Agencies to Use the Cybersecurity Framework:
https://csrc.nist.gov/publications/detail/nistir/8170/final

Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems.
Related CHIPS Articles
AF and Space Forces Chief Data Office launches unprecedented data governance training, certification program
DoD Incorporating AI Ethics into Systems Engineering, Official Says
DCNO for Information Warfare Announces DoD Cyber Scholarship Retention Program Solicitation
DCNO for Information Warfare Releases Defense-in-Depth Functional Implementation Architecture Afloat Inheritance Model for Risk Management Framework
DON Establishes DevSecOps Task Force
Related DON CIO News
Schedule Available for DON IT Conference East Coast 2020 Virtual Event
Join DON CIO, DCNO Information Warfare and the Deputy Commandant for Information for a Cybersecurity Awareness Month Discussion
The COVID-19 Impact on Modernize, Innovate and Defend
DON IT Conference Schedule Now Available; Pre-Registration Closed
DON IT Conference, East Coast 2019 Descriptive Schedule Available
Related DON CIO Policy
The Chief Information Security Officer Handbook
Spectrum Supportability Risk Assessment Process Using the Spectrum Supportability Integrated Process Portal
DON CIO Cybersecurity Strategy Guidance
DON Cyber Range Policy Guidance
DITPR-DON Process Guidance v1.0

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer