Email this Article Email   

CHIPS Articles: Integrating Cybersecurity and Enterprise Risk Management

Integrating Cybersecurity and Enterprise Risk Management
By CHIPS Magazine - March 25, 2020
The National Institute of Standards and Technology is releasing Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), for public comment. This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.

The increasing persistence, frequency, creativity, and variety of cybersecurity attacks shows that all enterprises should ensure cybersecurity risk is getting the appropriate attention within their enterprise risk management (ERM) programs.

Draft NISTIR 8286 aims to help individual organizations within an enterprise improve their cybersecurity risk data, which they provide as inputs to their enterprise’s ERM processes through communications and risk information e, NIST said. In doing so, enterprises and their component organizations can better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives.

Draft NISTIR 8286 focuses on the use of risk registers to set out cybersecurity risk, and explain the value of rolling up measures of risk usually addressed at lower system and organization levels to the broader enterprise level.

NIST advised all enterprises should ensure cybersecurity risk gets the appropriate attention within their enterprise risk management programs, which address all types of risk.

Comments for Draft NISTIR 8286 are due April 20, 2020. Please email comments to: nistir8286@nist.gov

Publication
NISTIR 8286 (Draft) (DOI)
NIST Download

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer