Cyber-ERM Playbook Chapter (FINAL DRAFT)

    • #12373
      Nahla K. Ivy
      Keymaster

      The development of a new chapter for the Federal ERM Playbook was a major product and output of the COI in 2020. Attached are the final drafts of the Chapter and Appendix + Glossary that were submitted to Treasury in December 2020. This chapter will be incorporated into the revised Version 1.1 of the Federal ERM Playbook in early 2021. The chapter addresses the foundations of IT security and cybersecurity risk management and proposes best practices on how to integrate these functional domains of risk management into broader enterprise risk assessments and reporting that occur at the federal agency level. Many thanks to the numerous participants and contributors to the writing and review of this important addition to the Playbook.

    • #18125
      Nahla K. Ivy
      Keymaster

      Posting final Federal ERM Playbook, 2021 update. Includes new Cyber-ERM Integration chapter, a direct product of the Cyber-ERM COI. Credit: 25 individuals contributed to this content, and are noted in the Playbook.

    • #18296
      Andrew Brown
      Participant

      Attached is an excerpt from a risk management document I was working on in a previous organization. Specifically, the risk impact category taxonomy and explanation of use.

    • #18319
      Andrew Brown
      Participant

      Update/Clarification
      I would add that Third-party risks and/or Supply-Chain risks would be grouped under either “Service”, as orgs hire 3rd parties to perform a service, OR under “Staff”, as orgs hire 3rd party staffing resources.
