NIST opens comment period on cyber and enterprise risk management guide

A new draft from the National Institute of Standards and Technology offers further guidance on integrating cyber into broader enterprise risk management efforts, building off an October report with more details and examples.

The agency will accept comments through Feb. 1 on draft NISTIR 8286A, “Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management,” which fleshes out “concepts introduced in NISTIR 8286. … It specifically highlights that cybersecurity risk management is an integral part of ERM—both taking its direction...