The integration of Enterprise Risk Management (ERM) with Information and Communication Technology (ICT) risk is crucial for modern organizations. With the rapid advancement of technology and digital transformation, ICT risk has become one of the primary challenges faced by enterprises. NIST SP 800-221 emphasizes the necessity of incorporating ICT risk management into the enterprise risk portfolio and provides detailed guidelines to help organizations effectively manage these risks. By combining ICT risk with the ERM framework, organizations can better identify, analyze, and respond to potential risks, thereby enhancing organizational resilience and strategic decision-making capabilities. This integration not only helps protect the security and integrity of information systems but also ensures that risk management measures are aligned with the organization's mission and business objectives.