NISTIR 8286DNISTIRFinalpublication

NISTIR 8286D - Using Business Impact Analysis to Inform Risk Prioritization and Response

Extends traditional business impact analysis beyond availability to include confidentiality and integrity impact analyses. Helps enterprise leaders determine critical and sensitive assets and establish risk appetite and tolerance as input to cybersecurity risk management.

View on NIST.gov

Publication Number

8286D

Series

NISTIR

Status

Final

Date

2022-11

business impact analysisBIAERMrisk prioritizationrisk appetite

References(2)

NISTIR 8286NISTIR 8286 - Integrating Cybersecurity and Enterprise Risk Management (ERM)CSF 2.0NIST Cybersecurity Framework (CSF) 2.0

Companion Documents(1)

NISTIR 8286NISTIR 8286 - Integrating Cybersecurity and Enterprise Risk Management (ERM)