$5,400.00 $4,050.00
(You save $1,350.00)
SKU: RISK-B3
Availability: Email Delivery Within 1-2 Business Days

Risk Bundle 3: RMP-CRAT-VPMP-CIRP


Risk Bundle #3 - 25% discount

Products Included in The Risk Bundle #3 

This bundle contains everything from bundle #2, but adds on an incident response component.

Risk Management Program (RMP)

  • The RMP addresses the “how?” questions for how your company manages risk.
  • This is an editable Microsoft Word document that provides program-level guidance that directly supports the WISP and DSP policies and standards for managing cybersecurity risk.
  • In summary, this addresses fundamental needs when it comes to risk management requirements:
    • How risk is defined.
    • Who can accept risk.
    • How risk is calculated by defining potential impact and likelihood.
    • Necessary steps to reduce risk.
    • Risk considerations for vulnerability management.
  • The RMP is based on leading frameworks, such as NIST 800-37, NIST 800-39, ISO 31010 and COSO 2013.

Cybersecurity Risk Assessment (CRAT)

  • The CRAT supports the RMP product in answering the “how?” questions for how your company manages risk.
  • This contains both an editable Microsoft Word document and a Microsoft Excel spreadsheet that allow for professional-quality risk assessments.
  • The CRAT directly supports the RMP, as well as the WISP and DSP policies and standards, for managing cybersecurity risk. It does this by enabling your company to produce risk assessment reports.

Vulnerability & Patch Management Program (VPMP)

  • The VPMP addresses the “how?” questions for how your company manages technical vulnerabilities and patch management operations.
  • This is an editable Microsoft Word document that provides program-level guidance that directly supports the WISP and DSP policies and standards for managing vulnerabilities.
  • In summary, this addresses fundamental needs when it comes to vulnerability management requirements:
    • Who is responsible for managing vulnerabilities.
    • What is in scope for patching and vulnerability management.
    • Defines the vulnerability management methodology.
    • Defines timelines for conducting patch management operations.
    • Considerations for assessing risk with vulnerability management.
    • Vulnerability scanning and penetration testing guidance.
    • Information Assurance (IA) guidance to support secure engineering activities.

Cybersecurity Incident Response Program (CIRP)

  • The CIRP addresses the “how?” questions for how your company manages cybersecurity incidents.
  • This is primarily an editable Microsoft Word document, but it comes with Microsoft Excel and Microsoft Visio templates.
  • In summary, this addresses fundamental needs when it comes to incident response requirements:
    • Defines the hierarchical approach to handling incidents.
    • Categorizes eleven different types of incidents and four different classifications of incident severity.
    • Defines the phases of incident response operations, including deliverables expected for each phase.
    • Defines the Integrated Security Incident Response Team (ISIRT) to enable a unified approach to incident response operations.
    • Defines the scientific method approach to incident response operations.
    • Provides guidance on how to write up incident reports (e.g., lessons learned).
    • Provides guidance on forensics evidence acquisition.
    • Identifies and defines Indicators of Compromise (IoC).
    • Identifies and defines sources of evidence.   
  • The CIRP contains “tabletop exercise” scenarios, based on the categories of incidents.
  • This helps provide evidence of due care in how your company handles cybersecurity incidents.
  • The CIRP is based on leading frameworks, such as NIST 800-37, NIST 800-39, ISO 31010 and COSO 2013.
