April 10, 2020
NIST seeks comment on guide for merging cybersecurity with enterprise-wide risk management
The National Institute of Standards and Technology has issued for comment draft guidelines on how an organization can integrate cybersecurity into its broader risk-management practices, which can include addressing financial and regulatory risks.
“All enterprises should ensure cybersecurity risk gets the appropriate attention within their enterprise risk management (ERM) programs, which address all types of risk,” the agency says in its Thursday announcement of draft NIST Internal Report 8286. Comments are due on April 20.
“Individual organizations within an...