Risk Appetite Working Group

Tagged: cybersecurity, ERM, integration, risk appetite, templates, tools

This topic has 11 replies, 4 voices, and was last updated 8 months, 4 weeks ago by Andrew Brown.

Viewing 10 reply threads

Author

Posts
- January 23, 2024 at 8:41 am #18134
  
  Nahla K. Ivy
  Participant
  
  This is to initiate a thread for the Risk Appetite Working Group, led by Eric Chism (NTSB) and Nicole Rohloff (Xcel Energy). This group will prepare guidance, examples, tools, and templates, applying best practices in the preparation of cybersecurity risk appetite statements.
- January 23, 2024 at 8:45 am #18135
  Nahla K. Ivy
  Participant
  Uploading Latest project team Work Plan (1/22/24)
  Attachments:
  
  Draft-ERM-Cyber-COI_-RA_-RT_Workgroup-Planning-Document_Revised-1.21.24.docx
- January 24, 2024 at 7:19 am #18142
  
  Eric Chism
  Participant
  
  Testing 1 2 3
  - January 30, 2024 at 1:37 pm #18174
    
    Nicole Rohloff
    Participant
    
    Testing
- January 24, 2024 at 7:22 am #18143
  Eric Chism
  Participant
  I am uploading some of the documents previously shared with the team
  Attachments:
  COSO-in-the-Cyber-Age.pdf
- February 26, 2024 at 10:40 am #18256
  
  Nahla K. Ivy
  Participant
  
  Posting copy of the Cyber-ERM Quick Start Guide.
- February 26, 2024 at 10:45 am #18258
  Nahla K. Ivy
  Participant
  Posting copy of the Cyber-ERM Quick Start Guide.
  Attachments:
  ERMQSG_20240209-r1.pdf
- February 27, 2024 at 12:52 pm #18270
  Eric Chism
  Participant
  FAIR Documents from the Feb 26 RA/RT Working Group Meeting
  Attachments:
  An-Introduction-to-the-FAIR-Materiality-Assessment-Model.pdf
  An-Introduction-to-the-Open-FAIR-Body-of-Knowledge-1.1.pdf
  How-to-put-Open-Fair-Risk-Analysis-Into-Action.pdf
  Introduction-to-the-FAIR-Controls-Analytics-Model-FAIR-CAM™_.pdf
- February 27, 2024 at 12:53 pm #18275
  Eric Chism
  Participant
  FAIR Documents from the Feb 26 RA/RT Working Group Meeting (Part II)
  Attachments:
  Open-FAIR-Risk-Analysis-Example-Guide.pdf
  Open-FAIR-Risk-Analysis-Process-Guide.pdf
- March 5, 2024 at 3:31 pm #18305
  Andrew Brown
  Participant
  This is somewhat duplicative of the NISTIR 8286. There’s a few points of clarity that the NISTIR doesn’t address. It is very much in a draft state.
  Attachments:
  
  Risk_Appetite-Tolerance_Statements.docx
- March 12, 2024 at 10:20 am #18334
  
  Andrew Brown
  Participant
  
  I’m listening to the CSF 2.0 briefing from NIST on the Cyber-ERM COI meeting today. Perhaps a “quick-start” guide for developing a Risk Appetite statement, a Risk tolerance statement and ultimately a Risk profile. We may be able to plagiarize… reuse the NIST quick start guide(s). Duplication of terminology, process only reinforces the documents
- March 27, 2024 at 9:21 am #18401
  Andrew Brown
  Participant
  I’ve obtained permission from the original author (Lucas Everly-Commonwealth of PA) to modify this document. The original intent was to clarify/visualize the difference between appetite/tolerance and risk thresholds.
  Attachments:
  Risk-Landscape.pdf
Author

Posts