The National Institute of Standards and Technology has released a report that explores methods for combining cybersecurity risk management information into an enterprise risk profile that agency officials and corporate executives can use to inform enterprise risk management decisions and other actions.
NIST Internal Report 8286C supports other reports in the 8286 series covering enterprise risk management and cybersecurity risk management (CSRM), the agency said Wednesday.
“This report describes how the CSRM Monitor, Evaluate, and Adjust (MEA) process supports enterprise risk management. This process also supports a repeatable and consistent use of terms, including an understanding of how the context of various terms can vary depending on the enterprise’s perspective,” the document reads.
The latest report discusses how enterprise risk strategy, tolerance, capacity, appetite and other risk governance elements direct risk performance. It also continues the discussion of CSRM results and priorities to improve understanding of the enterprise impacts of cybersecurity risks on mission, reputation and financial considerations.