In November 2023, the National Institute of Standards and Technology (NIST) issued NIST Special Publication NIST SP 800-221 (SP). The publication is entitled “Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio. (1) This SP provides a guide for integrating ICT Risk Management with the larger Enterprise Risk Management (ERM) framework. Continue reading →