Professionally-Written, Editable & Easily-Implemented Cybersecurity Risk Management Program
Most companies are required to perform risk assessments, but they lack the knowledge and experience to undertake such assessments. That leaves businesses with two choices: outsource the work to expensive consultants, or ignore the requirement and hope they do not get in trouble for being non-compliant. Neither is a good place to be. The good news is that ComplianceForge.com developed a viable risk management framework that will work for a company of any size.
If you take credit cards, PCI DSS requires you to perform an annual risk assessment. If you operate in Oregon or Massachusetts, those states have laws that require risk assessments. The list goes on through federal and international laws.
Our latest version of the Cybersecurity Risk Management Program (RMP) includes:
What Is Risk?
Risk Management Activities
Risk Management Benefits
Who Has The Authority To Manage Risk
Risk Management Decisions
How Risk Is Categorized
Risk Management Principles
Risk Management Fundamentals
Risk Management Maturity Levels
Defining The Risk Appetite
Evaluating & Prioritizing Risks
Monitoring & Reporting Risk
Documenting Risk & Reporting Findings
Cybersecurity Risk Management Methodology
COSO – Strategic (Enterprise-Level Approach to Risk Management)
ISO – Operational (Initiative / Program-Level Approach to Risk Management)
NIST – Tactical (Asset / Project-Level Approach to Risk Management)
Threat & Risk Assessment (TRA) Methodology
Defining Potential Impact
Defining Potential Likelihood
Defining Criticality Levels for Assets / Systems / Data
Risk Considerations for Vulnerability Management
Cybersecurity Considerations for Protecting Systems
Proactive Response Planning
Flaw Remediation (Patch Management)
Security Testing & Evaluation (ST&E)
Sources of Risk
Risk Roles & Responsibilities
Risk Assessment Techniques
RMP Cost Savings
From surveying cybersecurity professionals, we created the following chart to compare the options available to companies that need a documented cybersecurity risk management program. As you can see, once you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing an RMP from ComplianceForge costs approximately 10% ($13,500+ savings) of what it costs to write your own documentation and approximately 4% ($36,000+ savings) of what it costs to hire a consultant to write it for you.
What do you need to provide when you order the Cybersecurity Risk Management Program?
It is common in policies and other documentation to first reference the official name of the organization (e.g., the full legal name of the company) together with the trade / DBA name that is commonly used to refer to the organization. This is usually written in the format: Official (Common). This convention identifies the legal entity the policy is written for, and then establishes the common name by which the company will be referred to throughout the rest of the document. It makes documents much easier to read.
Examples of "official" and "common" business names are: