What Does RMP Stand For?
The acronym RMP stands for Risk Management Program. It is a program designed to help organizations identify, assess, respond to and monitor risks continuously in order to protect assets and achieve business objectives.
The RMP is clear, concise documentation that offers a "paint by numbers" approach to how risk is managed. It addresses fundamental needs regarding what is expected in cybersecurity risk management:
- How risk is defined;
- Who can accept risk;
- How risk is calculated by defining the potential impact and likelihood;
- Necessary steps to reduce risk; and
- Risk considerations for vulnerability management.
The RMP is based on leading frameworks, such as the NIST Risk Management Framework (NIST 800-37 rev2), NIST 800-39, ISO 31010 and COSO 2013.