NIST IR 8286B

Prioritizing Cybersecurity Risk for Enterprise Risk Management

Date Published: February 2025

Supersedes: IR 8286B (02/10/2022)

Author(s)

Stephen Quinn (NIST), Nahla Ivy (NIST), Matthew Barrett (CyberESI Consulting Group), Gregory Witte (Huntington Ingalls Industries), Robert Gardner (New World Technology Partners)

Abstract

Keywords

cybersecurity risk management; cybersecurity risk measurement; cybersecurity risk register (CSRR); enterprise risk management (ERM); risk aggregation; risk conditioning; risk optimization; risk prioritization; risk response

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8286B-upd1

Supplemental Material:
See NIST IR 8286 Supplemental Material

Publication Parts:
IR 8286
IR 8286A
IR 8286C
IR 8286D

Document History:
02/26/25: IR 8286B (Final)

Topics

Security and Privacy

risk management, security measurement

Applications

enterprise