1、NIST Interagency Report NIST IR 8286D-upd1 Using Business Impact Analysis to Inform Risk Prioritization and Response Stephen Quinn Nahla Ivy Julie Chua Matthew Barrett Larry Feldman Daniel Topper Greg Witte R.K.Gardner This publication is available free of charge from:https:/doi.org/10.6028/NIST.IR.

2、8286D-upd1 NIST Interagency Report NIST IR 8286D-upd1 Using Business Impact Analysis to Inform Risk Prioritization and Response Stephen Quinn Computer Security Division Information Technology Laboratory Matthew Barrett CyberESI Consulting Group,Inc.Baltimore,MD Nahla Ivy Enterprise Risk Management O

3、ffice Office of Financial Resource Management Larry Feldman Daniel Topper Greg Witte Huntington Ingalls Industries Annapolis Junction,MD Julie Chua Office of Information Security Office of the Chief Information Officer(OCIO)U.S.Department of Health and Human Services R.K.Gardner New World Technology

4、 Partners Annapolis,MD February 2025 INCLUDES UPDATES AS OF 02-26-2025;SEE APPENDIX B U.S.Department of Commerce Howard Lutnick,Secretary of Commerce National Institute of Standards and Technology Craig Burkhardt,Acting Under Secretary of Commerce for Standards and Technology and Acting NIST Directo

5、r NIST IR 8286D-upd1 Using Business Impact Analysis to Inform February 2025 Risk Prioritization and Response Certain commercial entities,equipment,or materials may be identified in this document in order to describe an experimental procedure or concept adequately.Such identification is not intended

6、to imply recommendation or endorsement by the National Institute of Standards and Technology(NIST),nor is it intended to imply that the entities,materials,or equipment are necessarily the best available for the purpose.There may be references in this publication to other publications currently under