New NIST report completes risk management series offering tools for integrating cyber into enterprise risk decision-making

NIST has released the final report in a series on integrating cyber risk management and enterprise risk management, with an eye toward improving government and private sector decision-making in addressing cybersecurity priorities.

“NIST IR 8286C describes methods for combining risk information from across the enterprise, including notional examples for aggregating and normalizing the results from cybersecurity risk registers (CSRRs) while considering risk parameters, criteria, and business impacts,” according to a statement issued Wednesday by the National Institute of Standards...