U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Matthew Barrett (Ctr)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 12 of 12

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

December 18, 2025
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Robert Gardner, Matthew Smith, Greg Witte
This document is the third in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding enterprise application of cybersecurity risk

Prioritizing Cybersecurity Risk for Enterprise Risk Management

February 26, 2025
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Robert Gardner
This document is the second in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of cybersecurity risk

Using Business Impact Analysis to Inform Risk Prioritization and Response

February 26, 2025
Author(s)
Stephen Quinn, Nahla Ivy, Julie Anne Chua, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise

NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide

October 21, 2024
Author(s)
Stephen Quinn, Victoria Pillitteri, Matthew Barrett, Matthew Smith, Gregory Witte
This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Using the CSF Tiers

October 21, 2024
Author(s)
Stephen Quinn, Cherilyn Pascoe, Matthew Barrett, Karen Scarfone, Gregory Witte
This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization's cybersecurity risk governance and management outcomes. This can help provide context on

Framework for Improving Critical Infrastructure Cybersecurity Version 1.1

April 16, 2018
Author(s)
Matthew Barrett
This publication describes a voluntary risk management framework ("the Framework") that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework's prioritized, flexible, and cost-effective approach helps to
Was this page helpful?