NIST: prioritizing cybersecurity risk for enterprises

NIST has published a report that illustrates the need to ensure that enterprise context, priorities, and strategies are considered when making decisions about how best to respond to cybersecurity risks. The report encourages collaboration among cybersecurity and Enterprise Risk Management (ERM) managers to help enterprises apply, improve, and monitor the quality of cooperation and communication.

The report provides specifics about integrating cybersecurity risk management (CSRM) with ERM, as well as a detailed approach to high-level processes, and describes methods for applying enterprise objectives to prioritize identified risks and to subsequently select and apply the appropriate responses.

It explains how the cybersecurity risk register – possibly accompanied by a more comprehensive risk detail report – enables the tracking, reporting, and monitoring of various risks at all hierarchical levels.

This final version incorporates feedback received on the public draft and provides updated graphics, including an example Risk Detail Report (RDR) template for communicating extensive details about each risk (e.g., risk ownership and planned activities).

Additionally, a draft companion document – NISTIR 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight – describes activities to help complete the CSRM/ERM integration cycle throughout the enterprise and is currently available for public comment.

Read the full report

Related Posts

Previous Post
EquiLend Launches Bespoke ESG Data Analysis and Validation Service
Next Post
US SEC proposes to speed up ownership reporting and include cash-settled derivatives

Fill out this field
Fill out this field
Please enter a valid email address.

X

Reset password

Create an account