U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

NISTIR 8286B

Prioritizing Cybersecurity Risk for Enterprise Risk Management

Date Published: February 2022

Author(s)

Stephen Quinn (NIST), Nahla Ivy (NIST), Matthew Barrett (CyberESI Consulting Group), Gregory Witte (Huntington Ingalls Industries), Robert Gardner (New World Technology Partners)

Abstract

Keywords

cybersecurity risk management; cybersecurity risk measurement; cybersecurity risk register (CSRR); enterprise risk management (ERM); key performance indicator (KPI); key risk indicator (KRI); risk acceptance; risk aggregation; risk avoidance; risk conditioning; risk mitigation; risk optimization; risk prioritization; risk response; risk sharing; risk transfer
Control Families

None selected

Documentation

Publication:
NISTIR 8286B (DOI)
Local Download

Supplemental Material:
See NISTIR 8286 Supplemental Material (web)

Other Parts of this Publication:
NISTIR 8286
NISTIR 8286A
NISTIR 8286C (Draft)
NISTIR 8286D (Draft)

Document History:
09/01/21: NISTIR 8286B (Draft)
02/10/22: NISTIR 8286B (Final)

Topics

Security and Privacy
risk management; security measurement

Applications
enterprise