Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

By: National Institute of Standards and Technology
Narrated by: Tom Brooks

Summary

All organizations face a broad array of risks, including cybersecurity risk. For federal agencies, the Office of Management and Budget (OMB) Circular A-11 defines risk as “the effect of uncertainty on objectives”. Such effects can impact an organization’s mission and business objectives and must be managed at various levels within the organization. This report highlights aspects of cybersecurity risk management (CSRM) inherent to enterprises, organizations, and systems.

The terms "organization" and "enterprise" are often used interchangeably; however, without an understanding of organizational structure, effective risk management is impossible. For the purposes of this document, an organization is defined as an entity of any size, complexity, or position within a larger organizational structure. The enterprise exists at the top level of the hierarchy where senior leaders have unique risk governance responsibilities. Each enterprise, such as a corporation or government agency, is comprised of organizations supported by systems.

This report describes CSRM activities at each level. Note that there may be iterative levels within the enterprise and that positions may be relative. For example, a given enterprise (e.g., a bureau or corporate division) may represent an organization to the overarching agency or corporation. Enterprise risk management (ERM) calls for understanding the core (i.e., significant) risks that an organization faces, and this document provides supplemental guidance for aligning cybersecurity risks within an organization’s overall ERM program. Lessons learned from historical cybersecurity incidents demonstrate the importance of collaboration between CSRM and ERM.

PLEASE NOTE: When you purchase this title, the accompanying PDF will be available in your Audible Library along with the audio.

©2021 Tom Brooks (P)2021 Tom Brooks
