Skip to content
Home

Country

NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286 Rev. 1, Integrating Cybersecurity and Enterprise Risk Management (ERM), provides a strategic framework for bridging the gap between technical security operations and high-level business decision-making. It emphasizes… Read More »NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

NIST IR 8286A Rev. 1, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, serves as a specialized companion to the main framework by providing deep-dive methodologies for the initial… Read More »NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

NIST IR 8286C Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST IR 8286C Rev. 1, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, completes the risk management cycle by detailing how prioritized risks are formally communicated and acted… Read More »NIST IR 8286C Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response

NIST IR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response, bridges the gap between traditional Business Impact Analysis (BIA) and modern cybersecurity risk management. It provides a… Read More »NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response

NIST SP 800-221 Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio

NIST SP 800-221 serves as the critical functional bridge between enterprise-level strategy and technical delivery, focusing on the Enterprise Impact of Information and Communications Technology (ICT) Risk. It moves beyond… Read More »NIST SP 800-221 Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio

ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection — Guidance on managing information security risks

ISO/IEC 27005 is an international standard that provides comprehensive guidelines for information security risk management, forming a key part of the ISO/IEC 27000 family of standards. It outlines a structured… Read More »ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection — Guidance on managing information security risks

NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST Special Publication 800-37, Revision 2, titled “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy,” provides comprehensive guidelines for applying the… Read More »NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy