Skip to content
Home

Authority

NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286 Rev. 1, Integrating Cybersecurity and Enterprise Risk Management (ERM), provides a strategic framework for bridging the gap between technical security operations and high-level business decision-making. It emphasizes… Read More »NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

NIST IR 8286A Rev. 1, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, serves as a specialized companion to the main framework by providing deep-dive methodologies for the initial… Read More »NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

NIST IR 8286C Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST IR 8286C Rev. 1, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, completes the risk management cycle by detailing how prioritized risks are formally communicated and acted… Read More »NIST IR 8286C Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response

NIST IR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response, bridges the gap between traditional Business Impact Analysis (BIA) and modern cybersecurity risk management. It provides a… Read More »NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response

NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST Special Publication 800-37, Revision 2, titled “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy,” provides comprehensive guidelines for applying the… Read More »NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy