Date Published: June 9, 2022
Comments Due: July 18, 2022 (public comment period is CLOSED)
Email Questions to: nistir8286@nist.gov
Traditional business impact analyses (BIAs) have been successfully used for business continuity and disaster recovery (BC/DR) by triaging damaged infrastructure recovery actions that are primarily based on the duration and cost of system outages (i.e., availability compromise). However, BIAs can be easily expanded to consider other cyber-risk compromises and remedies.
This initial public draft of NIST IR 8286D provides comprehensive asset confidentiality and integrity impact analyses to accurately identify and manage asset risk propagation from system to organization and from organization to enterprise, which in turn better informs Enterprise Risk Management deliberations. This document adds expanded BIA protocols to inform risk prioritization and response by quantifying the organizational impact and enterprise consequences of compromised IT Assets.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Publication:
NISTIR 8286D (Draft) (DOI)
Local Download
Supplemental Material:
See NISTIR 8286 Supplemental Material (web)
Other Parts of this Publication:
NISTIR 8286
NISTIR 8286A
NISTIR 8286B
NISTIR 8286C (Draft)
Document History:
06/09/22: NISTIR 8286D (Draft)
Security and Privacy
risk management; security measurement; security programs & operations
Applications
enterprise