NIST releases final publication on enterprise risk management for IT, communications sectors

The National Institute of Standards and Technology has finalized guidance on how to govern and manage risk as part of an enterprise-wide plan, with a specific focus on considerations in the information and communications technology sector.

“Information and Communications Technology (ICT) spans all tools, devices, data, infrastructure, and components and it’s a broad concept that continues to evolve. Enterprise Risk Management (ERM) programs should consider ICT risks alongside those in other risk disciplines like financial or legal which consider the...