David Rauschendorfer

Risk Management Program Guide David Rauschendorfer

The Enterprise Risk Management Program (ERMP) Guide provides program-level risk management guidance that directly supports your organization's policies and standardizes the management of cybersecurity risk and also provides access to an editable Microsoft Word document template that can be utilized for baselining your organizations risk management practices. Unfortunately, most companies lack a coherent approach to managing risks across the enterprise: When you look at getting audit ready, your policies and standards only cover the "why?" and "what?" questions of an audit. This product addresses the "how" questions for how your company manages risk. The ERMP provides clear, concise documentation that provides a "paint by numbers" approach to how your organization manages risk. The ERMP addresses fundamental needs when it comes to what is expected in cybersecurity risk management, how risk is defined, who can accept risk, how risk is calculated by defining potential impact and likelihood, necessary steps to reduce risk. Just as Human Resources publishes an "employee handbook" to let employees know what is expected for employees from an HR perspective, the ERMP does this from a cybersecurity risk management perspective. Regardless if your cybersecurity program aligns with NIST, ISO, or another framework, the Enterprise Risk Management Program (ERMP) is designed to address the strategic, operational and tactical components of IT security risk management for any organization. Policies & standards are absolutely necessary to an organization, but they fail to describe HOW risk is actually managed. The ERMP provides this middle ground between high-level policies and the actual procedures of how risk is managed on a day-to-day basis by those individual contributors who execute risk-based controls.