Onboarding the RiskLens platform, learning the FAIR model that powers the application, and socializing your organization to think in terms of risk quantification — it’s a lot like a hike with a lofty goal. It’s one you can handle with a little stretching, some determination, some flexibility, and perhaps a little help from the park ranger. Once you’ve accomplished it, you’re going to love the view from the top. And as they say, it’s all downhill from there.
What goal motivated you to purchase RiskLens? Calculating IT project ROI? Communicating to C-level executives the company’s top 10 risks in financial terms? Prioritizing budgets? With the end goal in mind, define the route.
You know where you want to go. Time to start the journey. Not every business is the same, so the RiskLens application needs some configuration first, and the RiskLens Professional Services team will help. They will also provide training so that all of your team members start off on the same foot.
Warm up by analyzing a simple, real-life scenario. What is the workflow of the application, who needs to be involved in data collection, what does the output of the application look like, and how do we interpret the results? If you change one input variable, what’s the impact? As you play with an early scenario, you will get more comfortable with the RiskLens application.
It’s time to set your sights on the ultimate goal and make some progress. Your heart rate accelerates. Your first analysis contains multiple assets, multiple threat communities, and both integrity and confidentiality are at risk. Whoa, this is a whole different level. How do you make this risk analysis similar to your practice analysis? RiskLens Professional Services is available to help and guide you down that trail.
You have had plenty of practice hiking, have developed a map for your next journey, and are ready to do it. But it’s not as easy as just plugging in numbers: those numbers need to accurately represent your company. Reach out to other departments to explain what you need, and get the information. You may make some missteps, but your previous training helps you recover quickly. You’re well on your way to hitting the “Run” button on your analysis.
You have your analysis results and now you need to verify their accuracy. Start with your team members, your manager, and the risk owner. Share FAIR terminology, describe your goals, and explain the process before you run through the numbers. If the results don’t make sense, identify any variable that drives your results in the wrong direction and re-run your analysis. Once your informal quality assurance people are satisfied, start preparing for your first stakeholder presentation.
Be bear aware! While your teammate and manager will likely be supportive, detractors lurk around many corners. People like what is comfortable and may push back and try to derail your process. Be calm. Educate on the fundamentals. Understand and communicate the benefits. This is a journey for your organization and it will be more successful if you take time to get to your destination.
You did it! The stakeholder presentation went well and they expressed their appreciation for learning the financial exposure of that risk to the organization. Your manager was pleased and even the CISO stopped by to thank you for your hard work. Now, the stakeholders want you to return with a prioritized list of mitigation options because they are not comfortable with the risk level you identified. Fortunately, you know how to do that.
Your first project is completed. Your stakeholders made a decision as to which mitigation option to implement and once done, the financial exposure of that risk drops significantly. Your stakeholder group wants to see all risks and mitigation projects presented in financial terms from now on, and other executives start asking about this risk quantification work. Stay on the trail and enjoy your time in the sun!