U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

Using Business Impact Analysis to Inform Risk Prioritization and Response: NIST IR 8286D available for public comment
June 09, 2022

Traditional business impact analyses (BIAs) have been successfully used for business continuity and disaster recovery (BC/DR) by triaging damaged infrastructure recovery actions that are primarily based on the duration and cost of system outages (i.e., availability compromise). However, BIA analyses can be easily expanded to consider other cyber-risk compromises and remedies.

This initial public draft of NIST IR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response, provides comprehensive asset confidentiality and integrity impact analyses to accurately identify and manage asset risk propagation from system to organization and from organization to enterprise, which in turn better informs Enterprise Risk Management deliberations. This document adds expanded BIA protocols to inform risk prioritization and response by quantifying the organizational impact and enterprise consequences of compromised IT Assets.

The public comment period for this draft is open through July 18, 2022. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Related Topics

Security and Privacy: risk management, security measurement, security programs & operations

Applications: enterprise

Created June 08, 2022, Updated June 09, 2022