Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8286D

Using Business Impact Analysis to Inform Risk Prioritization and Response

Date Published: November 2022

Author(s)

Stephen Quinn (NIST), Nahla Ivy (NIST), Julie Chua (U.S. Department of Health and Human Services), Matthew Barrett (CyberESI Consulting Group), Larry Feldman (Huntington Ingalls Industries), Daniel Topper (Huntington Ingalls Industries), Gregory Witte (Huntington Ingalls Industries), Robert Gardner (New World Technology Partners)

Abstract

Keywords

business impact analysis; cybersecurity risk management; cybersecurity risk register; enterprise risk management; information and communications technology
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8286D
Download URL

Supplemental Material:
See NISTIR 8286 Supplemental Material

Publication Parts:
IR 8286
IR 8286A
IR 8286B
IR 8286C

Document History:
06/09/22: IR 8286D (Draft)
11/17/22: IR 8286D (Final)