3 Ways RiskLens Simplifies Quantitative Cyber Risk Analysis

January 30, 2020  Taylor Maze

While working with a potential customer recently, I got an interesting comment. “Of course, it looks easy,” he said. “You’ve been doing this for years across all industries. How can I expect my team to have this level of knowledge and efficiency in conducting quantitative risk analysis?”

The answer was simple: because we built it that way. See below for three of the ways in which RiskLens plus professional services simplify quantitative analysis for information and technology risk using the Factor Analysis of Information Risk (FAIR™) model.

1. Dynamic Workshop Questions

As you’re starting out, it can seem daunting to know what factors need to be considered when evaluating the forms of loss in scope and how to estimate them. The RiskLens platform was developed with the user in mind and meant to simplify the analysis process by providing tailored workshop questions based on the scope of the risk scenario to be analyzed.

After you have scoped a scenario, RiskLens will create a tailored workshop and automatically select the forms of loss that should be evaluated for the scenario, removing all those that are not in scope. Additionally, rather than being left with broad, open-ended questions such as “How much Primary Response loss is our organization likely to experience as a result of the loss event?”, RiskLens will ask intuitive, easy-to-answer questions that allow the user to derive the value.

More comfortable sticking to the basics? No problem. RiskLens also offers a “Native” mode, which allows the user to work directly at the FAIR model level rather than deriving the values.

2. Customizable Data Warehouses

After spending time with subject matter experts to gather data, nobody wants to do it all again next week or next month for the next risk analysis. The RiskLens platform gives the user various ways to store data for future use, enabling consistent and efficient risk analysis.

  • Asset Manager

If you’re pretty certain your next question to the asset owner of your crown jewel database will result in a nastygram, you can save yourself the hassle by saving information directly at the asset level for future use. Common questions such as recovery time objective (RTO), user population, and amount and type of records contained come up in a variety of analyses. By saving them within the asset during creation, the user will never need to answer these questions again as they will be pre-populated in every workshop going forward.

Unique situation? Don’t worry. Use of pre-established estimates is optional in each analysis.

  • Data Helpers

In addition to asset level information, users can choose to store other data points within customizable Data Helpers. Data Helpers can be created for any workshop question and can have multiple answers related to different circumstances. For example, the user can input estimates for incident response efforts dependent on the criticality of the event. Then, when analyzing a given scenario, they simply need to determine which criticality is appropriate and the underlying values will be automatically used within the calculation.

Need to make a change to an existing Data Helper and dreading the rework required? Fear not. Any analysis that has subscribed to that Data Helper will automatically be updated to reflect the change in estimate. How’s that for efficiency?

  • Loss Tables

Instead of, or in addition to, saving estimates at the workshop-question level, the user can also choose to create and store Loss Tables within RiskLens. Where Asset Manager and Data Helper answers are specific to a workshop question, Loss Tables are used to estimate the entire Secondary Loss Magnitude associated with an event, based on records impacted or duration of outage.

Seem like too much to bite off at once? Don’t worry – the RiskLens Professional Services team will assist you in the development and customization of the Data Warehouses.

Learn more: How Loss Tables Power RiskLens Analysis [Podcast]

3. Development-Structured Professional Services

While the RiskLens platform is meant to make the quantitative risk analysis process as simple and user-friendly as possible, you’ll never be on your own. In addition to the development and customization of tailored Data Warehouses, the Professional Services team also offers multiple projects, all designed with developing FAIR analysts and maintaining a Quantitative Risk Management Program in mind.

All services are designed with an “I do, we do, you do” approach. To begin, a RiskLens Professional Services FAIR and RiskLens platform expert demonstrates appropriate risk analysis methods and best practices with the analyst team shadowing. Following this activity, the analyst team conducts its own analyses, with the RiskLens Professional Services team providing coaching and feedback to enable constant improvement.

Ready to put our industry knowledge and years of experience to the test? Learn more about the RiskLens Quantitative Cyber Risk Management Program.