The National Institute of Standards and Technology has published a finalized report that highlights the need to consider enterprise risk management when making cybersecurity decisions.
NIST said Thursday its report titled “Prioritizing Cybersecurity Risk for Enterprise Risk Management” details the integration of cybersecurity risk management with ERM to fortify cyber response.
The report also encourages collaboration between CSRM and ERM managers; and lists ways to pursue enterprise objectives, prioritize risks and appropriately select responses.
The finalized publication makes use of previously gathered feedback from the public and features updated graphics, including a sample template for risk detail reports.
NIST now also seeks public feedback on the publication’s companion document titled “Staging Cybersecurity Risks for ERM and Governance Oversight,” which highlights ways to complete enterprise-wide integration cycles of CSRM/ERM. Interested parties may submit feedback through March 11.
