NIST IR 8286C Rev. 1, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, completes the risk management cycle by detailing how prioritized risks are formally communicated and acted upon at the highest organizational levels. It introduces the concept of risk staging, which involves aggregating local cybersecurity risks into enterprise-level reports that provide executives and boards with a clear view of the organization’s overall security posture. By focusing on governance oversight and the selection of appropriate risk response strategies—such as acceptance, mitigation, transfer, or avoidance—the publication ensures that cyber risk is managed as a core business function rather than a siloed technical problem.
Publication's URL
https://csrc.nist.gov/pubs/ir/8286/c/r1/finalAdditional documents on this topic
- NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM) ★★★★★
- NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management ★★★★★
- NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response
- FAIR Taxonomy for Cyber Risk Scenarios ★★★★★
- NIST IR 8286B Prioritizing Cybersecurity Risk for Enterprise Risk Management