I recently had the pleasure of onboarding to RiskLens a financial organization’s Global Information Security team that has championed Factor Analysis of Information Risk (FAIR™) for the past few years. The team had the right people in place, with three certified FAIR analysts, but with FAIR on a spreadsheet their only resource, performing quantitative risk analysis was challenging and time consuming.
Among the challenges:
Zack Kramer is a Risk Consultant for RiskLens
Unleashing the Potential of the RiskLens Platform
The RiskLens platform is the only SaaS platform purpose-built for FAIR quantitative risk analysis (and by the creators of the FAIR methodology). It makes FAIR analysis fast and easy.
In the RiskLens platform, analysts follow a question/answer workshop format that guides them to properly scope an analysis and gather the right data.
Not only does the platform empower analysts to ensure the right questions are being asked during the data gathering process, but it also utilizes tailored data libraries such as loss tables and data helpers that enable analysts to customize, save and store data and analyses in RiskLens (as shown in the image below). This feature of the platform allows for consistency with future analyses.
To help manage version control, RiskLens comes with built-in audit logs and user administration. Audit logs provide full transparency within the platform and with administrative functions, users can be assigned only the functions they truly need to further avoid any mistakes.
Next, on to the most important part of any risk analysis: analyzing and reporting results. With FAIR on a spreadsheet, the analysts would need to interpret results and create a new report for each scenario. The RiskLens platform allows for automated reporting exports and the ability to capture results on a timeline. Just think of all the work the analysts had to complete — what is the point if they cannot effectively communicate their results to decision makers?
RiskLens provides built-in reporting at the analysts’ disposal – and RiskLens delivered the “wow factor” through aggregation of risk scenarios into a Risk Assessment, allowing for the organization to see the total loss exposure they were facing, along with the ability to look at each scenario independently.
These images show aggregate risk reporting:
This image shows a breakdown by scenario:
With Comparison Reporting, the analysts were able to compare multiple risk analyses within the same risk assessment to report on changes in risk and comparative analyses.
The image below shows the reduction in risk by running a comparison analysis
Associating a risk treatment to a risk scenario enabled the analysts to report on cost associated with the risk as well as performing a cost-benefit analysis.
With Rapid Risk Assessment, analysts could, in minutes, turn around a top risks report to present to senior management or the board.
Functions and Formulas Included
Finally, how did we solve the age-old problems with formulas that break, or those long nights trying to perfect a function for FAIR on a spreadsheet?
Imagine the look on the analysts’ faces when we told them we have a platform that encompasses every function and formula they need to complete their FAIR analyses. With built-in scoping, ranges with rationale capabilities and built-in descriptions, Monte Carlo simulations, and guidance the whole way, RiskLens checked every box for the team.
For the analysts, data gathering was the most challenging part of the risk analysis process, their struggle to determine the forms of loss applicable to the loss event being the biggest chasm. With some additional expertise provided by the RiskLens Professional Services team during on-boarding, along with their existing FAIR knowledge, the analysts were ready to cross that gap.
RiskLens not only provided the guidance needed each step of the way, but also gave the Global Information Security Team the confidence to deliver their results to key decision makers.
RiskLens is leading a revolution in the way cyber risk is assessed, measured and managed by bringing to market a Software as a Service solution that makes cyber risk quantification a reality.We help organizations translate cyber risk from the technical into the economic language of business.Schedule a Demo