Risk Management Model

The Cybersecurity & Data Privacy Risk Management Model (C|P-RMM) is designed to be an integral tool in an organization’s ability to demonstrate evidence of due diligence and due care. This not only benefits your organization through solid risk management practices, but it can also reduce the personal risk of those who have to initiate the hard discussions on risk management topics.

The goal in creating the C|P-RMM was to provide an efficient methodology to identify, assess, report and mitigate risk. The C|P-RMM project was a collaboration between ComplianceForge and the SCF that was approached from the perspective of asking the question, “How should I manage risk?”

The C|P-RMM is built directly into the Secure Controls Framework (SCF) and takes a holistic approach to controls, risks and threats as a way to reduce or eliminate the traditional Fear, Uncertainty and Doubt (FUD) that makes many risk assessments meaningless. The C|P-RMM is free to use and is licensed under the Creative Commons licensing model.


Why You Should Care About Leveraging A Risk Management Model

Ask yourself these two (2) questions about your organization and your personal exposure in risk & threat management operations:

  1. Can you prove that the right people within your organization are both aware of risks and have taken direct responsibility for mitigating those risks?
  2. If there was a breach or incident caused by identified risks that went unmitigated, where does the “finger pointing” for blame immediately go? (Is it you? Would you have guilt by association?)