NISTIR 8286B

Prioritizing Cybersecurity Risk for Enterprise Risk Management

Date Published: February 2022

Author(s)

Stephen Quinn (NIST), Nahla Ivy (NIST), Matthew Barrett (CyberESI Consulting Group), Gregory Witte (Huntington Ingalls Industries), Robert Gardner (New World Technology Partners)

Abstract

Keywords

cybersecurity risk management; cybersecurity risk measurement; cybersecurity risk register (CSRR); enterprise risk management (ERM); key performance indicator (KPI); key risk indicator (KRI); risk acceptance; risk aggregation; risk avoidance; risk conditioning; risk mitigation; risk optimization; risk prioritization; risk response; risk sharing; risk transfer

Control Families

None selected

Documentation

Publication:
NISTIR 8286B (DOI)
Local Download

Supplemental Material:
See NISTIR 8286 Supplemental Material (web)

Other Parts of this Publication:
NISTIR 8286
NISTIR 8286A
NISTIR 8286C
NISTIR 8286D (Draft)

Document History:
09/01/21: NISTIR 8286B (Draft)
02/10/22: NISTIR 8286B (Final)

Topics

Security and Privacy
risk management; security measurement

Applications
enterprise