What is a Risk Management Program (RMP)?

A Risk Management Program (RMP) is essentially a "risk management playbook" for how your organization addresses the broader concepts of risk management that are not covered by a policy or standard. These are the details that explain how risk is actually managed.

Risk, threat and vulnerability management practices are meant to achieve a minimum level of protection, which equates to a reduction in total risk due to the protections offered by implemented controls. Risk, threat and vulnerability each have a unique meaning that needs to be understood to reasonably protect people, processes, technology and data. Understanding how these components integrate can lead to more meaningful and practical risk management practices.