- Most popular product for organizations that must address more than just a single cybersecurity framework (e.g., NIST 800-53, ISO 27002 or NIST Cybersecurity Framework).
- Maps to over 100 statutory, regulatory and contractual cybersecurity and privacy frameworks to create a hybrid approach to cybersecurity policies, standards, controls and metrics.
- Provides 1-1 mapping with the Secure Controls Framework (SCF), so you can easily align your policies, standards and metrics with the controls you use from the SCF!
- The DSP addresses more than just the “why?” and “what?” questions in an audit, since in addition to the core policies and standards that form the foundation for your cybersecurity program, the DSP comes with controls and metrics!
The DSP consists of thirty-two (32) policies. Nested within these policies are the control objectives, standards and guidelines that make your security program run. The structure of the Digital Security Program makes it easy to add or remove policy sections as your business needs change. The same concept applies to standards – you can simply add or remove content to meet your specific needs. The DSP addresses the “why?” and “what?” questions, since policies and standards form the foundation for your cybersecurity program. The DSP provides the underlying cybersecurity standards that must be in place, as stipulated by statutory, regulatory and contractual requirements. Just as Human Resources publishes an “employee handbook” to let employees know what is expected of them from an HR perspective, the DSP does this from a cybersecurity perspective.
Cost Savings Estimate – Digital Security Program (DSP)
The process of writing cybersecurity policies and standards can take an internal team many months, and it involves pulling your most senior and experienced cybersecurity experts away from operational duties to assist in the process, which is generally not the most efficient use of their time. In addition to the immense cost of hiring a cybersecurity consultant at $300/hr+ to write this documentation for you, the time to schedule a consultant, provide guidance and get the deliverable product can take months. Hiring a consultant also requires involvement from your internal team for quality control and answering questions, so the impact is not limited to just the consultant’s time being consumed.
When you look at the costs associated with either hiring a consultant to write cybersecurity documentation for you or tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Purchasing the DSP offers these clear advantages:
- Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars!
- Compared to writing your own documentation, you can potentially save hundreds of man-hours and the associated cost of lost productivity.
- Orders are usually processed the same business day so you get your documentation quickly!
The Digital Security Program (DSP) is a product we developed for companies that need to comply with multiple requirements, but do not want to be locked into documentation that is formatted to conform with the taxonomy of ISO 27002 or NIST 800-53. Essentially, the DSP is a “best in class” approach to security documentation.
Our products are one-time purchases with no software to install – you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use the DSP! While the DSP does come in Microsoft Word like the WISP, the included Excel version of the DSP comes with the following content so it is easy to import into a GRC solution (e.g., ZenGRC, RequirementONE, Archer, RSAM, MetricStream, etc.):
- Policy statements
- Policy intent
- Control objectives
- Controls (Secure Controls Framework & NIST Cybersecurity Framework)
- Metrics – including suggested Key Performance Indicators (KPIs) & Key Risk Indicators (KRIs)
- Indicators of Compromise (IoC)
- Indicators of Exposure (IoE)
- Target Audience Applicability
- Scoping – Basic or Enhanced Requirement
- Recommended roles / teams with responsibility for each standard (basically a RACI for key stakeholders)
This Is How Cybersecurity & Privacy Documentation Is Meant To Be Structured – Hierarchical & Scalable!
ComplianceForge provides businesses with exactly what they need to protect themselves – professionally written cybersecurity policies, control objectives, standards, controls, procedures and guidelines at a very affordable cost. Similar documentation standards can be found in Fortune 500 companies that have dedicated Governance, Risk & Compliance (GRC) staff. The Digital Security Program (DSP) is footnoted to provide authoritative references for the statutory, regulatory and contractual requirements that need to be addressed.
Cybersecurity & Privacy Policies, Standards, Controls & Metrics For A Digital Company
The DSP can serve as a foundational element in your organization’s cybersecurity program. It can stand alone or be paired with other specialized products we offer.
In addition to being a hybrid model that is made up of leading security frameworks, we also added in features that are not available in the Written Information Security Program (WISP), namely mapped controls and metrics. This equates to a potential time savings of hundreds of hours, based on how much work goes into not only creating controls and worthwhile metrics, but mapping those back into your organization’s policies and standards.
One special aspect of the DSP is that while it comes in Microsoft Word format, it also comes in Microsoft Excel so that it is easy to import into a GRC solution (e.g., Ostendio, ZenGRC, SimpleRisk, RequirementONE, Archer, RSAM, MetricStream, etc.)! This is an ideal solution for companies that either currently use a GRC solution or are exploring the use of one. The time savings can equate to tens of thousands of dollars saved in customizing the “out of the box” documentation from these tools.
If you are interested in learning more, there is a product walk-through video and other helpful documentation, so keep reading or contact us so we can help answer your specific questions.
What Problem Does The DSP Solve?
- Lack of In-House Security Experience – Writing security documentation is a skill that many good cybersecurity professionals simply are not proficient at and avoid the task at all costs. Tasking your security analysts and engineers to write comprehensive documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The DSP is an efficient method to obtain comprehensive security policies, standards, controls and metrics for your organization!
- Compliance Requirements – Nearly every organization, regardless of industry, is required to have formally-documented security policies and standards. Requirements range from PCI DSS to HIPAA to NIST 800-171. The DSP is designed with compliance in mind, since it focuses on leading security frameworks to address reasonably-expected security requirements.
- Audit Failures – Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The DSP’s standards provide mapping to leading security frameworks to show you exactly what is required to stay both secure and compliant.
- Vendor Requirements – It is very common for clients and partners to request evidence of a security program and this includes policies and standards. The DSP provides this evidence!
How Does the DSP Solve It?
- Clear Documentation – The DSP provides comprehensive documentation to prove that your security program exists. This equates to a time saving of hundreds of hours and tens of thousands of dollars in staff and consultant expenses!
- Time Savings – The DSP can provide your organization with a semi-customized solution that requires minimal resources to fine tune for your organization’s specific needs.
- Alignment With Leading Practices – The DSP is written to support over two dozen leading frameworks!