Blog

Download this Policy Document to Start Your Quantitative Cyber Risk Management Program Right

by Brad Agee
August 10, 2020

After helping many clients roll out quantitative cyber risk management, RiskLens Risk Consultant Brad Agee created a policy document covering the guidelines and requirements that successful programs have instituted to smoothly operate a RiskLens/FAIR™ program.

With input from RiskLens Chief Risk Scientist and FAIR model creator Jack Jones, Brad is now sharing what he’s learned in two downloadable pdfs, one version an outline of the elements of the policy, the other the same outline fleshed out with suggested example content – download and customize for your organization.

Ideally, you would implement this policy and have the guidelines in place before you launch the  RiskLens-FAIR Enterprise Enterprise Model (RF-EM), which includes configuring the RiskLens platform and receiving training and program set-up from RiskLens services experts.

The quantitative risk management policy document covers:

  • Governance, including roles and responsibilities and developing risk appetite and KRIs
  • Metrics, including requirements for asset management and threat landscape monitoring, as well as the necessary steps in conducting risk analysis
  • Risk Management, including criteria for logging loss events and when and how root cause analysis must be applied.

Process questions the policy document can help you answer include:

  • Cadence for risk reporting to various levels of the business
  • How to develop a risk appetite statement
  • Record keeping on crown jewel assets
  • Periodic controls testing.
  • Training levels for analysts
  • When cost-benefit analyses are to be required
  • Rules for data gathering on non-compliant controls

Download the model risk management policy documents (PDFs):

Risk Measurement and Reporting Policy Outline

Risk Measurement and Reporting Policy Example with Suggested Content

Again, the intention is to give you a document you can customize. Let us know how it goes – Contact us with your comments or questions on the policy document

More from Our Blog

February 20, 2020
Announcing the RiskLens FAIR Enterprise Model™, Standardized Best Practices for Enterprise-wide Adoption of FAIR™
Continue Reading
June 12, 2020
Webinar: See RiskLens Rapid Risk Assessment in Action
Continue Reading
July 16, 2020
How to Describe to Your Board the Benefits of RiskLens, FAIR and Cyber Risk Quantification in 3 Minutes
Continue Reading

Let's Talk About Your Cyber Risk in Business Terms

RiskLens is leading a revolution in the way cyber risk is assessed, measured and managed by bringing to market a Software as a Service solution that makes cyber risk quantification a reality.We help organizations translate cyber risk from the technical into the economic language of business.

Schedule a Demo

Recent Posts
February 18, 2021
3 Ways the RiskLens Platform Makes FAIR Risk Analysis Simple
February 17, 2021
Boards: 5 Things about Cyber Risk Your CISO Isn’t Telling You
February 09, 2021
How FAIR & ISO 27001 Work Together
Sign Up for Blog Updates