This is a question that we typically get asked once prospective customers realize that the quantification of information risk is not only possible, but that some of their peers are already doing it and getting business value.
A prospective customer's level of consideration is often much higher if they have recently completed a successful pilot implementation, where one or two real-life risk scenarios have been analyzed using their own data and our application. They realize at that point how efficient the process is and better understand the potential for operationalizing the RiskLens application.
The question, "How much does RiskLens cost?" usually leads to a series of more granular questions. Here are the most typical ones and their corresponding answers.
How do you price the software?
- Cyber Risk Quantification: License tiers are defined based on the number of asset classes that can be included in a single analysis. Including more asset classes in a single analysis enables broader and more complex risk analyses to be performed.
- Cyber Risk Triage: The price for this application is included as part of the CRQ license. There is no extra charge for CRQ customers.
- Cyber Risk Maturity: There are no tiers for this application; it is priced as a flat fee, independent of the size of an organization.
- Cyber Risk Third-Party: License tiers are based on the number of vendor analyses that a customer needs to conduct.
What is an asset class?
- An asset class is one or more technology assets that share a similar overall security profile. From a FAIR perspective, it means that they share similar attack frequency, vulnerability factors, and/or similar Value at Risk characteristics. Examples: Asset classes are most often groups of related assets (e.g. workstations, Oracle databases,..) but can also be specific applications or business processes (e.g. Payments, Claims Processing, Supply Chain Management,..).
Is it a perpetual license or a subscription?
- We license our software-as-a-service applications as annual subscriptions.
Do you provide discounts for multi-year contracts?
- Yes, we do provide discounts for multi-year agreements and pre-pay arrangements.
How do you scope a RiskLens implementation?
- That depends on the RiskLens application and the risk related problems an organization wants to solve.
- We measure the size of Cyber Risk Quantification projects based on the types and complexity of risk scenarios an organization wants to analyze and understand.
- We size Cyber Risk Third-Party projects based on the number of vendor analyses to be conducted.
Are there any professional services that you also provide?
- One-time training and on-boarding services are required for each of our applications.
- Training packages include various levels of FAIR training and application training, depending on the application and the scope of the project.
What if I don't have the right staff on board yet?
- RiskLens does provide retainer services to customers that want to leverage RiskLens' certified risk consultants to conduct risk analyses or to assist in the development of their risk management program. Retainer services are separate from the initial training and on-boarding services.
We hope that you found these answers informative.