NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Nahla Ivy (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 9 of 9

Prioritizing Cybersecurity Risk for Enterprise Risk Management

February 26, 2025
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Robert Gardner
This document is the second in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of cybersecurity risk

Using Business Impact Analysis to Inform Risk Prioritization and Response

February 26, 2025
Author(s)
Stephen Quinn, Nahla Ivy, Julie Anne Chua, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

March 6, 2024
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, R.K. Gardner
This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of

Enterprise Impact of Information & Communications Technology Risk

November 17, 2023
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Karen Scarfone, Robert Gardner, Julie Chua
All enterprises should ensure that information and communications technology (ICT) risk receives appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise

Information and Communications Technology (ICT) Risk Outcomes

November 17, 2023
Author(s)
Stephen Quinn, Nahla Ivy, Karen Scarfone, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner, Julie Chua
The increasing frequency, creativity, and severity of technology attacks means that all enterprises should ensure that information and communications technology (ICT) risk is receiving appropriate attention within their enterprise risk management (ERM)

Using Business Impact Analysis to Inform Risk Prioritization and Response

November 17, 2022
Author(s)
Stephen Quinn, Nahla Ivy, Julie Chua, Matthew Barrett, Greg Witte, Larry Feldman, Daniel Topper, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

September 14, 2022
Author(s)
Stephen Quinn, Nahla Ivy, Greg Witte, Matthew Barrett, Robert Gardner
This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of

Prioritizing Cybersecurity Risk for Enterprise Risk Management

February 10, 2022
Author(s)
Stephen Quinn, Matthew Barrett, Greg Witte, Robert Gardner, Nahla Ivy
This document is the second in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021
Author(s)
Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner
This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and
Was this page helpful?