The RiskLens platform has many features built into it that facilitate risk analysts to make the most of every analysis. In this RiskLens In-Depth look at our risk quantification platform, I’ll be discussing Authoritative Analyses in Cyber Risk Quantification, a feature that allows for the easy reuse of previous analyses and the benefits this provides.
RiskLens’ Cyber Risk Quantification allows a risk analyst to create many types of analyses. They can be small analyses, such as one that is based around a single asset class, or, as is often the case, an analysis based on just the asset classes around a specific technology or concept (e.g. analyzing the effects of a new technology such as a new intrusion detection system). Or, the analysis could be much larger in scope, one that covers hundreds of asset classes or even the entire enterprise.
Furthermore, the analyses could be used for two different purposes:
- To facilitate a view into the current real-world snapshot of the enterprise.
- To run a “what-if analysis”, an analysis used to evaluate changing control conditions, asset classes, threat types, and more.
Authoritative Analyses in RiskLens’ Cyber Risk Quantification allow you to make extra use of all of the above. Allowing you to differentiate from the “what-if” and even more powerfully, to quickly reuse any part of one or more analysis in a brand new analysis based on the most current information of the asset classes scoped in analysis.
At a high level this provides the following benefits when using RiskLens’ Authoritative Analyses in Cyber Risk Quantification:
- Scale from single scenario analyses to an aggregate enterprise analysis at your own pace. A complete enterprise analysis (e.g. a FAIR based model of your entire organization) may seem at first like an unachievable goal. However, when broken down into the types of analyses many analysts are already performing and then brought together into a new analysis over time, the goal becomes completely achievable and is a natural byproduct of the platform over time.
- Save time by not having to constantly start from the ground up. Reusing authoritative data from previous analyses allows you to reap the rewards of time already spent. Instead of creating all new estimates, tracking people down to setup meetings, etc., you can leverage all of that previous work. This is especially valuable when risk analysts wish to create a new analysis to quickly evaluate new emerging conditions.
- Easily compare where you were to where you are today. This can be done at the asset class level or at the complete enterprise level. The RiskLens platform has multiple types of comparative reporting that leverage authoritative analysis data to allow you to compare your past, present, and future risk posture.
(An enterprise comparison of loss exposure over time)
- Finally, authoritative analysis allow you to explore your environment from a different perspective. Curious about the state of controls for a specific asset class and not just at the full analysis level? Track and set control and loss exposure thresholds and when those thresholds are not met RiskLens automatically generates reports and cases for them.