U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Integrating Cybersecurity and Enterprise Risk Management (ERM): NISTIR 8286
October 13, 2020

The increasing frequency, creativity, and variety of cybersecurity attacks means that all enterprises should ensure cybersecurity risk receives the appropriate attention along with other risk disciplines—legal, financial, etc.—within their enterprise risk management (ERM) programs. This document is intended to help cybersecurity risk management practitioners at all levels of the enterprise, in private and public sectors, to better understand and practice cybersecurity risk management within the context of ERM. Through the use of an organizing construct of a risk register, enterprises and their component organizations can better identify, assess, communicate, and manage their cybersecurity risks in the context of their stated mission and business objectives using language and constructs already familiar to senior leaders. 

NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.

[Also see the related publication NISTIR 8170, Approaches for Federal Agencies to Use the Cybersecurity Framework.]


Related Topics

Security and Privacy: risk management

Applications: enterprise

Created October 13, 2020, Updated October 14, 2020