Risk Bundle 2: RMP-CRA-VPMP-IIRP
No reviews yet
$7,675.00
$5,756.00
(You save $1,919.00 )

Risk Bundle 2: Risk, Vulnerability & IR Management

SKU:
RISK-B2-NO
UPC:
692878857086
Availability:
Email Delivery Within 1-2 Business Days

Maximum file size is 15000KB, file types are bmp, gif, jpg, jpeg, jpe, jif, jfif, jfi, png, wbmp, xbm, tiff

Adding to cart… The item has been added

cybersecurity risk management and risk assessment template

Cybersecurity Risk Bundle #2 (25% discount)

This is a bundle that includes the following four (4) ComplianceForge products that are focused on operationalizing cybersecurity risk management:

  1. Risk Management Program (RMP)
  2. Cybersecurity Risk Assessment Template (CRA)
  3. Vulnerability & Patch Management Program (VPMP)
  4. Integrated Incident Response Program (IIRP) 

Why Are These Products Part of The Bundle?

This bundle is designed for organizations that need a cost-effective and timely solution to obtain risk management documentation and a professional risk assessment template. However, it also adds on vulnerability management and incident response documentation to provide a robust risk management solution for companies that already have policies and standards, but need to enhance how risk is actually managed. Being Microsoft Word and Excel documents, you have the ability to make edits, as needed. Please note that if you want a customized bundle, we are happy to create one for you. Just contact us with your needs and we will generate a quote for you.

Cost Savings Estimate - Risk Bundle #2

When you look at the costs associated with either (1) hiring an external consultant to write cybersecurity documentation for you or (2) tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars. Whereas, compared to writing your own documentation, you can potentially save hundreds of work hours and the associated cost of lost productivity. Purchasing this bundle from ComplianceForge offers these fundamental advantages when compared to the other options for obtaining quality cybersecurity documentation:

  • For your internal staff to generate comparable documentation, it would take them an estimated 700 internal staff work hours, which equates to a cost of approximately $59,000 in staff-related expenses. This is about 6-12 months of development time where your staff would be diverted from other work.
  • If you hire a consultant to generate this documentation, it would take them an estimated 430 contractor work hours, which equates to a cost of approximately $130,000. This is about 4-8 months of development time for a contractor to provide you with the deliverable.
  • This bundle is approximately 6% of the cost for a consultant or 13% of the cost of your internal staff to generate equivalent documentation.
  • We process most orders the same business day so you can potentially start working with the documentation the same day you place your order.

cybersecurity risk bundle 2

Products Included in Risk Bundle #2

integrated incident response plan Integrated Incident Response Program (IIRP)
The IIRP addresses the “how?” questions for how your company manages cybersecurity incidents.
  • This is primarily an editable Microsoft Word document, but it comes with Microsoft Excel and Microsoft Visio templates.
  • In summary, this addresses fundamental needs when it comes to incident response requirements:
    • Defines the hierarchical approach to handling incidents.
    • Categorizes eleven different types of incidents and four different classifications of incident severity.
    • Defines the phases of incident response operations, including deliverables expected for each phase.
    • Defines the Integrated Security Incident Response Team (ISIRT) to enable a unified approach to incident response operations.
    • Defines the scientific method approach to incident response operations.
    • Provides guidance on how to write up incident reports (e.g., lessons learned).
    • Provides guidance on forensics evidence acquisition.
    • Identifies and defines Indicators of Compromise (IoC).
    • Identifies and defines sources of evidence.  
    • The IIRP contains “tabletop exercise” scenarios, based on the categories of incidents.
    • This helps provide evidence of due care in how your company handles cybersecurity incidents.
    • The IIRP is based on industry-leading practices for incident response.
risk management program Risk Management Program (RMP)
The RMP addresses the “how?” questions for how your company manages risk.
  • This is an editable Microsoft Word document that provides program-level guidance to directly supports the WISP and DSP policies and standards for managing cybersecurity risk.
  • In summary, this addresses fundamental needs when it comes to risk management requirements:
    • How risk is defined.
    • Who can accept risk.
    • How risk is calculated by defining potential impact and likelihood.
    • Necessary steps to reduce risk.
    • Risk considerations for vulnerability management.
    • The RMP is based on leading frameworks, such as NIST 800-37, NIST 800-39, ISO 31010 and COSO 2013.
cybersecurity risk assessment template Cybersecurity Risk Assessment (CRA) Template
The CRA supports the RMP product in answering the “how?” questions for how your company manages risk.
  • This contains both an editable Microsoft Word document and Microsoft Excel spreadsheet that allows for professional-quality risk assessments.
  • The CRA directly supports the Risk Management Program (RMP), as well as the WISP/DSP's policies and standards, for managing cybersecurity risk. It does this by enabling your company to produce risk assessment reports.
vulnerability & patch management program Vulnerability & Patch Management Program (VPMP)
The VPMP addresses the “how?” questions for how your company manages technical vulnerabilities and patch management operations.
  • This is an editable Microsoft Word document that provides program-level guidance to directly supports the WISP and DSP policies and standards for managing vulnerabilities.
  • In summary, this addresses fundamental needs when it comes to vulnerability management requirements:
    • Who is responsible for managing vulnerabilities.
    • What is in scope for patching and vulnerability management.
    • Defines the vulnerability management methodology.
    • Defines timelines for conducting patch management operations.
    • Considerations for assessing risk with vulnerability management.
    • Vulnerability scanning and penetration testing guidance.

 

Optional Professional Services (Add On)

ComplianceForge offers optional professional services to customize purchased documentation. Professional services are not required to customize ComplianceForge documentation. However, some clients want our subject matter expertise to help customize their documentation to meet their specific business needs. If you have any questions about our professional services, please contact us at: www.complianceforge.com/contact-us/.

We offer our professional services in bundles of: five (5), ten (10) & twenty (20) hours.

Purchased professional service hours will expire after 120 days (4 months) from the time of purchase before they expire.

 

Reviews


Learn More About Cybersecurity & Data Privacy

!