Approaches for federal agencies to use the cybersecurity framework

Barrett, Matthew J.; Marron, Jeff; Pillitteri, Victoria; Boyens, Jon M.; Quinn, Stephen; Witte, Greg; Feldman, Larry

doi:10.6028/nist.ir.8170

Cited by 11 publications

(25 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Circular emphasizes the need to integrate and coordinate risk management and strong and effective internal control into existing business activities and as an integral part of managing an agency." [4]…”

Section: Lack Of Measuresmentioning

confidence: 99%

“…3 (See Section 2.2.4 for more information on what systems are.) For example, NIST IR 8170 [4] uses enterprise risk management and organization-wide risk management interchangeably. The scope of IR 8170 includes smaller enterprises than this publication does, so an enterprise as defined in IR 8170 may be comprised of a single organization.…”

Section: Introduction 271mentioning

confidence: 99%

“…The goal is to help the personnel in those enterprises and their subordinate organizations and systems to better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives. 4 This document will help 296 high-level executives and corporate officers understand the challenges cybersecurity 297 professionals face in providing them the information they are accustomed to getting for other 298 types of risk. This document also will help cybersecurity professionals to understand what 299 executives and corporate officers need to carry out enterprise risk management (ERM).…”

mentioning

confidence: 99%

“…1 [8]) 7 "OMB Circular A-123 establishes an expectation for federal agencies to proactively consider and address risks through an integrated, organization-level view of events, conditions, or scenarios that impact mission achievement." [4] influenced by legal or regulatory requirements. [7] Risk appetite is usually defined at the enterprise or organizational level, while risk tolerance is usually defined at the system level.…”

mentioning

confidence: 99%

“…[7] Risk appetite is usually defined at the enterprise or organizational level, while risk tolerance is usually defined at the system level. 9 [4]…”

mentioning

confidence: 99%

See 4 more Smart Citations

Advancing Cybersecurity and Enterprise Risk Management (ERM):

Stine¹,

Quinn²,

Witte³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST. Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at https://csrc.nist.gov/publications.

show abstract

Section: Lack Of Measuresmentioning

confidence: 99%

Section: Introduction 271mentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

“…[7] Risk appetite is usually defined at the enterprise or organizational level, while risk tolerance is usually defined at the system level. 9 [4]…”

mentioning

confidence: 99%

See 3 more Smart Citations

Advancing Cybersecurity and Enterprise Risk Management (ERM):

Stine¹,

Quinn²,

Witte³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

The Generation of Software Security Scoring Systems Leveraging Human Expert Opinion

Mell

2022

2022 IEEE 29th Annual Software Technology Conference (STC)

View full text Add to dashboard Cite

A Conceptual Model for Internet of Things Risk Assessment in Healthcare Domain with Deep Learning Approach

et al. 2020

View full text Add to dashboard Cite

The Internet of Things (IoT) has become a prevalent technology in the IT industry. One of the industries that can benefit extensively in this technology is healthcare. However, the healthcare IoT is still under debate with several studies suggesting it is lack of interoperability, security, and too much complexity. Even more, the risk involved in deploying it is still enormous. Many traditional risk assessment models are unable to provide a specific IoT risk guideline and specification, especially in the healthcare area. Thus, it is essential to understand the full extent of the IoT risk and how to manage its risk in the healthcare area. The risk management models, such as NIST SP 800-30, ISO/IEC 27005, OCTAVE, CRAMM, and EBIOS, which are among the leading and widely used in many areas and healthcare fields, have also been described. Besides, this paper includes a review of three IoT risk assessment models that are based on ABA-IDS, Deep Learning, and AHP-SVM. Based on the review analysis, we proposed a new enhanced healthcare IoT risk assessment model, which aims to provide a real-time monitoring and mitigating risks that incorporate the NIST SP 800-30 framework, ABA-IDS, and CNN deep learning. This shall constitute a better classification of each risk identified to find the best risk mitigation plan.

show abstract

Approaches for federal agencies to use the cybersecurity framework

Cited by 11 publications

References 10 publications

Advancing Cybersecurity and Enterprise Risk Management (ERM):

Advancing Cybersecurity and Enterprise Risk Management (ERM):

The Generation of Software Security Scoring Systems Leveraging Human Expert Opinion

A Conceptual Model for Internet of Things Risk Assessment in Healthcare Domain with Deep Learning Approach

Contact Info

Product

Resources

About