The National Institute of Standards and Technology (NIST) has released the final version of a document supporting the agency’s report on integrating cybersecurity and enterprise risk management.
The agency said Friday the NIST Interagency or Internal Report 8286A, titled “Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management,” is intended to guide organizations on how to prioritize, manage and respond to cybersecurity risks within their ERM programs by illustrating methods for identifying and analyzing the severity of threats.
The report also highlights the importance of creating an enterprise risk register to properly document the potential impacts of cybersecurity risks on enterprise assets and develop an appropriate risk mitigation plan.
Researchers from NIST, CyberESI Consulting Group, Huntington Ingalls Industries and New World Technology Partners authored the report.
NIST is expected to release a draft of a third companion document, detailing processes for oversight of cybersecurity risks, for public comment in the coming weeks.