I was surprised and pleased, surprised and flattered, and then disappointed by a new publication by NIST (the US Department of Commerce’s National Institute of Standards and Technology). NIST published NISTIR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response this month. I have been saying that in order to understand how a […]
New US government guidance on cyber risk
Great observations on the narrow focus of NIST on the technical and not the business risks