Hi All,
NIST is issuing best practices on how to better integrate ICT risk programs into an overarching ERM portfolio-given special attention to coordination and communication across risk programs. These resources will help ICT risk practitioners at all levels of the enterprise and across private and public sectors to better understand and practice ICT risk management in coordination with ERM.
NIST Special Publication 800-221, Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio - https://csrc.nist.gov/pubs/sp/800/221/final
This publication helps in understanding the relationship between ICT risk management and ERM-and the benefits of integrating those approaches. This includes ICT risk guidance on how all ICT risk programs, including individual programs such as privacy, supply chain, and cybersecurity, integrate into ERM.
NIST Special Publication 800-221A Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio - https://csrc.nist.gov/pubs/sp/800/221/a/final
This publication provides desired outcomes and applicable references common across all types of ICT risk; it offers a common language for understanding, managing, and expressing ICT risk to internal and external stakeholders and can help identify and prioritize actions to reduce ICT risk. The core of this publication can be browsed and downloaded in popular formats such as JavaScript Object Notation (JSON) and Microsoft Excel (XSLS) using the NIST Cybersecurity and Privacy Tool (CPRT).
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------