NIST offers ways to use business impact analysis for setting cybersecurity priorities

A draft report from NIST discusses ways to use impact analyses as business managers attempt to establish priorities in addressing cybersecurity risks.

“Traditional business impact analyses (BIAs) have been successfully used for business continuity and disaster recovery (BC/DR) by triaging damaged infrastructure recovery actions that are primarily based on the duration and cost of system outages (i.e., availability compromise). However, BIA analyses can be easily expanded to consider other cyber-risk compromises and remedies,” according to NIST.

The draft version of...