The CISO knew he had a serious problem with unstructured data on a critical network share – his team didn’t know exactly what data was there or how to protect it.
He had secured budget for a data retention project (including improved monitoring and logging to identify anomalous user activity) and a data protection project (for DLP and other controls).
Then, just as the CISO was heading out the door for end-of-year holidays, word came down: the data protection project had fallen out of budget.
Together our RiskLens team and the CISO were able to make a compelling case to save the project, with only a few phone calls and emails going back and forth – but grounded in RiskLens data science and the capabilities of our quantitative risk analytics platform.
In consultation with the CISO, we scoped out two simple risk scenarios for FAIR quantitative analysis: a breach of critical PII by 1) insider misuse and 2) an external actor via ransomware.
To fill out our analysis, we used these tools in the RiskLens platform
We only needed a few more data points from the CISO to complete the analysis: an estimate on probable record count loss for each scenario and some initial cost details for the proposed risk treatments.
We were then able to run a risk treatment analysis through the RiskLens platform with the results below, comparing the current state of risk to the probable reductions in risk. Under analysis, the data protection project on the chopping block promised to deliver the most risk reduction. Bottom line: the CISO was ready to present to his security committee a strong, defensible case to preserve budget based on return on investment.