The Cyber Risk Quantification (CRQ) application from RiskLens is a decision support tool for CISOs who want to make cost-effective, business-aligned decisions on cyber and technology risk. We mean what we say, but as a company of critical thinkers, we love when people challenge us to prove it! If you’re looking for a way to “kick the tires” and put our claims to the test, a RiskLens pilot is meant for you.
What is a pilot?
Plain and simple, a pilot is a billable consulting engagement and a mini-implementation of the RiskLens software, in your own environment, to prove out the value of quantifying cyber risk:
- A RiskLens Customer Success consultant comes onsite for 4 days to complete a full quantified risk analysis with your team using our CRQ application that leverages the standard FAIR risk model
- 1-2 mutually agreed upon risk scenarios are analyzed
- The deliverables include both executive and analyst level reports that present the analyzed risk scenarios in dollars and cents
At the end of the 4-day pilot, you will have completed an end-to-end quantified risk analysis, will understand the level of effort necessary to use RiskLens, and will have financially driven reports that can inform key stakeholders internally about the analyzed risk scenario. The results of the pilot will build a strong case for implementing cyber risk quantification in your organization.
What are the required resources for a pilot?
When an organization conducts a pilot with RiskLens, they need to be prepared to:
- Help define or scope a risk analysis scenario for the pilot
- Have at least one dedicated risk analyst available for the entirety of the 4-day engagement to help complete the risk analysis and learn how to use the application
- Schedule meetings with relevant subject matter experts (typically 2 - 3) for up to 2 hours each, who will provide data inputs for the analysis on the selected risk scenario.
Organizations who have completed a pilot tell us that the value is two-dimensional. First, they can evaluate the process and the application. Secondly, they can complete a quantified risk analysis of their choosing. So, picking a risk scenario on a topic that matters to you and your organization is key to getting the most value out of a pilot. Here are a few questions to get your creative juices flowing on what risk scenario to analyze:
- Are you trying to justify a security investment or calculate the ROI on a new technology that is meant to reduce risk?
- Do you disagree with an audit about a specific finding or recommendation, but feel ill-equipped to present a compelling argument?
- Are you looking to demonstrate a before / after comparison of a security initiative's effect on risk?
All of these topics are excellent starting points for selecting a risk scenario. Since it is a limited engagement of 4 days, we will help to guide you in scoping a risk scenario that can be completed in that timeframe. By strategically choosing a meaningful risk scenario, some organizations have even used a pilot to help them make a decision that met a significant objective for the year.
Resources to help you
If you’re still unsure about whether a pilot is the right next step for you and your organization, consider reading through our case studies, which reflect recent customer engagements. The case studies below can further guide your selection of a risk scenario and will give you a full picture of how a pilot was completed, what data was used for the analysis, and how pilot results could inform a real business decision:
- Does anti-phishing training reduce risk?
- Conduct a cost benefit analysis of improved window patching
- Assess the best architecture for securing cloud applications