New NIST Report: Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management
By CHIPS Magazine - December 15, 2020
The National Institute of Standards and Technology issued a new report that provides a more in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). It specifically highlights that cybersecurity risk management (CSRM) is an integral part of ERM — both taking its direction from ERM and informing it.

NIST officials said the increasing frequency, creativity, and severity of cybersecurity attacks demand that all enterprises ensure cybersecurity risk receives due attention within their ERM programs by ensuring the CSRM program is integrated within the context of ERM. The new report is intended to help individual organizations that are already familiar with NISTIR 8286.

The new document supplements NIST Interagency/Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and information to illustrate risk tolerance, risk appetite, and methods for determining risks in that context.

The report describes documentation of various scenarios based on the potential impact of threats and vulnerabilities on enterprise assets to support development of an enterprise risk register. “Documenting the likelihood and impact of various threat events through cybersecurity risk registers integrated into an enterprise cybersecurity risk profile, helps to later prioritize and communicate enterprise cybersecurity risk response and monitoring,” NIST said.

Date Published: December 2020
Comments Due: February 1, 2021
Email Comments to: nistir8286@nist.gov

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988