U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Stephen Quinn (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 42

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

March 6, 2024
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, R.K. Gardner
This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of

National Online Informative References (OLIR) Program: Overview, Benefits, and Use

February 26, 2024
Author(s)
Nicole Keller, Stephen Quinn, Karen Scarfone, Matthew Smith, Vincent Johnson
Information and communications technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An

NIST Cybersecurity Framework 2.0: Resource & Overview Guide

February 26, 2024
Author(s)
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other

The NIST Cybersecurity Framework (CSF) 2.0

February 26, 2024
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

Enterprise Impact of Information & Communications Technology Risk

November 17, 2023
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Karen Scarfone, Robert Gardner, Julie Chua
All enterprises should ensure that information and communications technology (ICT) risk receives appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise

Information and Communications Technology (ICT) Risk Outcomes

November 17, 2023
Author(s)
Stephen Quinn, Nahla Ivy, Karen Scarfone, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner, Julie Chua
The increasing frequency, creativity, and severity of technology attacks means that all enterprises should ensure that information and communications technology (ICT) risk is receiving appropriate attention within their enterprise risk management (ERM)

Using Business Impact Analysis to Inform Risk Prioritization and Response

November 17, 2022
Author(s)
Stephen Quinn, Nahla Ivy, Julie Chua, Matthew Barrett, Greg Witte, Larry Feldman, Daniel Topper, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

September 14, 2022
Author(s)
Stephen Quinn, Nahla Ivy, Greg Witte, Matthew Barrett, Robert Gardner
This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of

Prioritizing Cybersecurity Risk for Enterprise Risk Management

February 10, 2022
Author(s)
Stephen Quinn, Matthew Barrett, Greg Witte, Robert Gardner, Nahla Ivy
This document is the second in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021
Author(s)
Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner
This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and

Approaches for Federal Agencies to Use the Cybersecurity Framework

August 17, 2021
Author(s)
Jeffrey Marron, Victoria Yan Pillitteri, Jon M. Boyens, Stephen Quinn, Gregory Witte
The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide

August 6, 2021
Author(s)
Amy Mahn, Daniel Topper, Stephen Quinn, Jeffrey Marron
This document intends to provide direction and guidance to those organizations – in any sector or community – seeking to improve cybersecurity risk management via utilization of the NIST Framework for Improving Critical Infrastructure Cybersecurity

Integrating Cybersecurity and Enterprise Risk Management (ERM)

October 13, 2020
Author(s)
Kevin M. Stine, Stephen D. Quinn, Gregory A. Witte, Robert Gardner
The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is