[Nahla K. Ivy]

The development of a new chapter for the Federal ERM Playbook was a major product and output of the COI in 2020. Attached are the final drafts of the Chapter and Appendix + Glossary that were submitted to Treasury in December 2020. This chapter will be incorporated into the revised Version 1.1 of the Federal ERM Playbook in early 2021. The chapter addresses the foundations of IT security and cybersecurity risk management and proposes best practices on how to integrate these functional domains of risk management into broader enterprise risk assessments and reporting that occur at the federal agency level. Many thanks to the numerous participants and contributors to the writing and review of this important addition to the Playbook.

Attachments:

1. Cyber-ERM-Playbook-Chapter-Appendices-Glossary_09.18.2020-Final_09.22.20.docx
2. Cyber-ERM-Playbook-Chapter_09.18.20-Final-Copy-12.22.20-changes-accepted.docx

[Nahla K. Ivy]

Posting final Federal ERM Playbook, 2021 update. Includes new Cyber-ERM Integration chapter, a direct product of the Cyber-ERM COI. Credit: 25 individuals contributed to this content, and are noted in the Playbook.

Attachments:

1. 

   ERM-Playbook_2022-Update_final_508-Compliant.pdf
   

2. 

   ERM-Playbook_April-2021-Update.pdf
   

[Andrew Brown]

Attached is an excerpt from a risk management document I was working on in a previous organization. Specifically, the risk impact category taxonomy and explanation of use.

Attachments:

1. Risk_Impact-Dimensions.docx

[Andrew Brown]

Update/Clarification
I would add that Third-party risks and /or Supply-Chain risks would be grouped under either “Service” as orgs. hire 3rd parties to perform a service, OR under “Staff” as Orgs hire 3rd party staffing resources.

[Author]

Posts