NIST has published NISTIR 8286B, Prioritizing Cybersecurity Risk for Enterprise Risk Management. This report builds on the risk strategy and risk identification activities described in NISTIR 8286A and illustrates the need to ensure that enterprise context, priorities, and strategies are considered when making decisions about how best to respond to cybersecurity risks. The report encourages collaboration among cybersecurity and ERM managers to help enterprises apply, improve, and monitor the quality of cooperation and communication.

NISTIR 8286B provides specifics about integrating cybersecurity risk management (CSRM) with enterprise risk management (ERM), as well as a detailed approach to the high-level processes described in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report also describes methods for applying enterprise objectives to prioritize identified risks and to subsequently select and apply the appropriate responses. It explains how the cybersecurity risk register ...