I'm pleased to announce that RiskLens, Inc., the leading provider of Cyber Risk Quantification (CRQ) solutions, is releasing an integration between our risk quantification platform and RSA Archer’s Risk Register. The integration enables risk information to be delivered in a language both technical and non-technical business executives can understand: the financial language of dollars and cents.
Benefits of the integration include the ability to:
- Enable risk quantification to drive management of the Risk Register
- Triage new risk findings and escalate based on actual business impact
- Communicate the business impact of proposed risk remediation scenarios
- Track and manage open Risk Register items in terms of business impact
The RSA Archer Risk Register is a collection of operational risks based on multiple authoritative sources and common business risks. Risk Register items are intended to assist companies in defining and documenting key operational risks. These risks can be imported into the Risk Register as a complete set or be tailored for specific risks.
Integrating RiskLens CRQ into the RSA Archer Risk Register ensures designated ‘high’ risk register entries are associated with a measure of loss exposure compliant with the Factor Analysis of Information Risk (FAIR) standard. FAIR is the de facto quantitative risk management standard for information security and operational risk.
Expressing cybersecurity risk in monetary terms will enable early adopters, including leading human resources management software and services provider ADP, to involve business executives, special committees and board directors in understanding the impact of cybersecurity risk on the business. It also will allow business leaders to participate in decision-making related to risks, helping fulfill risk governance obligations.
Robert Gaston, Vice President of Operational Risk Management for ADP, says that with the planned integration of RiskLens CRQ into the RSA Archer Risk Register, "we will align high-risk register entries with a measure of loss exposure that is compliant with the FAIR standard.
"Expressing ADP’s cybersecurity risk in monetary terms will allow us to actively engage executive management and board directors to focus on issues and concerns most impactful and important to them. The planned integration also will allow our business leaders to be informed and participate in joint decision-making specific to risk."
Our CEO Nicola (Nick) Sanna also comments: "Cybersecurity risk exposure continues to rise as a top concern for large organizations, compelling board directors and business executives to rightfully demand that it be articulated and managed in financial terms like all other forms of business risk.
"This integration will help organizations understand how much risk they have, assess the adequacy of their security investments and prioritize and manage initiatives based on business impact. Combined RiskLens–RSA Archer customers will view this as a substantiation of the ‘R’ in their GRC strategy."