Here’s the on-demand version of our recent webinar “Making the ‘Impossible’ Possible – Quantifying Cyber Risk,” hosted by Chad Weinman, RiskLens VP of Professional Services and Explainer-in-Chief.
In under one hour, Chad will walk you through the FAIR model for risk quantification, an example of a risk analysis on the RiskLens platform, and answer questions from the audience that cover concerns we often hear when folks first come to the realization that cyber risk quantification is actually possible.
FAIR and the RiskLens platform aim to answer the fundamental question so many organizations face today around cybersecurity, says Chad: “Are we confident that we’re spending our resources on the right projects, in the right order, and with the right cost/benefit?”
Typically, organizations can’t answer because they’re tripped up by:
- Lack of standard definitions, for instance for basic terms such as “threat” and “asset”
- Lack of knowledge that cyber risk quantification is possible. The industry standard for analysis is still heat maps that provide high-medium-low, qualitative analysis that is hardly actionable let alone grounded in business reality
- Analysis results that yield little to no value – leading, for instance, to risk registers with a grab-bag of entries that aren’t really risks
The FAIR risk model clearly defines risk and its components – it also clarifies what data is truly needed for risk analysis in the RiskLens platform, as Chad demonstrates in a simple analysis for endpoint protection. “You have more data than you need, you just don’t know what data it is,” he says. “And you don’t need as much data as you think.”
You’ll see the outcome of running a risk scenario through RiskLens: a distribution of results showing the most probable loss in dollar terms for a current cybersecurity state or a potential future state at varying levels of investment in controls.
Listen to the webinar…then contact us for a demonstration specific to your needs.