Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8286B

Prioritizing Cybersecurity Risk for Enterprise Risk Management

Date Published: February 2022

Author(s)

Stephen Quinn (NIST), Nahla Ivy (NIST), Matthew Barrett (CyberESI Consulting Group), Gregory Witte (Huntington Ingalls Industries), Robert Gardner (New World Technology Partners)

Abstract

Keywords

cybersecurity risk management; cybersecurity risk measurement; cybersecurity risk register (CSRR); enterprise risk management (ERM); key performance indicator (KPI); key risk indicator (KRI); risk acceptance; risk aggregation; risk avoidance; risk conditioning; risk mitigation; risk optimization; risk prioritization; risk response; risk sharing; risk transfer
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8286B
Download URL

Supplemental Material:
See NISTIR 8286 Supplemental Material

Publication Parts:
IR 8286
IR 8286A
IR 8286C
IR 8286D

Document History:
09/01/21: IR 8286B (Draft)
02/10/22: IR 8286B (Final)

Topics

Security and Privacy

risk management, security measurement

Applications

enterprise