Digital Security Program (DSP)
$7500 One Time
- The Digital Security Program (DSP) is our flagship product. Unlike the Written Information Security Program (WISP) that is available in ISO 27002 and NIST 800-53 versions, the DSP is not locked into a single framework – it is a hybrid model that is built for organizations that do not want to be tied to just ISO or NIST frameworks. The DSP is a “best of breed” hybrid that leverages numerous leading frameworks to create a comprehensive security program for your organization!
NIST 800-53 Written Information Security Program (WISP)
$720 One Time
- The NIST 800-53 rev4-based Written Information Security Program (WISP) is a premier set of IT security policies and standards. This is a comprehensive, editable, easily implemented document that contains the policies, control objectives, standards and guidelines that your company needs to establish a world-class IT security program. Because these are Microsoft Word documents, you can make edits as needed. For companies that need to be compliant with NIST 800-171, the WISP provides coverage for NIST 800-53 Moderate baseline controls so you could implement the WISP for your NIST 800-171 compliance needs!
- Unlike some of our competition that sell “bronze, silver and gold” levels of documentation, we understand that a standard is a standard for a reason. We take out the guesswork associated with picking an appropriate package level - we focus on providing documentation that offers a straightforward solution to provide the appropriate coverage you need. This focus on providing the best solution for our clients makes us proud that we are providing the best set of IT security policies and standards available. Saving a few dollars on a cheap solution can easily leave you with a false sense of security and gaping holes in your documentation that can leave you liable.
- Our customers choose the NIST 800-53 rev 4 Written Information Security Program (WISP) because they:
- Have a need for comprehensive IT security documentation built on an industry framework
- Need to be able to edit the document to their specific needs
- Have documentation that is directly linked to best practices, laws and regulations
- Need an affordable solution
Cybersecurity Risk Management Program (RMP)
$1320 One Time
- All companies have a need to manage risk. Most companies are compelled to manage risk, and these requirements come from a broad range of sources. Regardless of your industry, there are likely requirements to manage cybersecurity risk, and failing to manage risk could leave your company liable for non-compliance with these requirements:
- Payment Card Industry Data Security Standard (PCI DSS) - Section 12.2 requires companies to perform a formal risk assessment!
- Massachusetts MA 201 CMR 17.00 - Section 17.03(2)(b) requires companies to "identify & assess" reasonably-foreseeable internal and external risks!
- Oregon Identity Theft Protection Act - Section 646A.622(2)(d)(B)(ii) requires companies to assess risks in information processing, transmission & storage!
- Health Insurance Portability and Accountability Act (HIPAA) - Security Rule (Section 45 C.F.R. §§ 164.302 – 318) requires companies to conduct an accurate & thorough assessment of potential risks!
- Gramm-Leach-Bliley Act - Safeguard Rule requires companies to identify and assess risks to customer information!
- NIST 800-171 - Protecting CUI in Nonfederal Information Systems and Organizations - Section 3.11 requires risks to be periodically assessed!
- Federal Trade Commission (FTC) Act - 15 U.S. Code § 45 deems unfair or deceptive acts or practices in or affecting commerce to be unlawful - poor security practices are covered under this requirement and not managing cybersecurity risk is an indication of poor security practices!
- Vendor Contracts - It is increasingly common for vendors, partners and subcontractors to be contractually-bound to perform recurring risk assessments. Not having a risk management program could lead to breach of contract or losing a bid!
- Unfortunately, most companies lack a coherent approach to managing risks across the enterprise. Even with larger organizations that have Enterprise Risk Management (ERM) departments, the RMP can tie into the broader risk management framework for any organization. What ComplianceForge.com did was simply reduce the complexity by creating a usable risk management framework that any company can implement to manage risks.