
The National Institute of Standards and Technology (NIST) has released the final version of Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, supporting the agency’s report on integrating cybersecurity and enterprise risk management (ERM).
The report is intended to guide organizations on how to prioritize, manage and respond to cybersecurity risks within their ERM programs by illustrating methods for identifying and analyzing the severity of threats.
The report also highlights the importance of creating an enterprise risk register to properly document the potential impacts of cybersecurity risks on enterprise assets and develop an appropriate risk mitigation plan.
NIST is expected to release the draft of a third companion document, detailing processes for oversight of cybersecurity risks, for public comment in the coming weeks.