The RiskLens platform not only helps to display an organization’s risk in quantitative terms but also contains features that make it easier to compare those risks to each other. These features are known as risk assessments and portfolios. The information below describes what each means, how they are used, and the benefits of using them to report to executives and the board.
Within the RiskLens platform, an analyst has the capability to see the overall (aggregate) risk exposure of a group of scenarios by using a risk assessment. This feature highlights the top risks as well as showcases the aggregate annualized loss exposure when looking at two or more scenarios.
Many organizations want to evaluate which assets are more at risk and can quickly do this by conducting rapid assessments and utilizing the top risk report within the risk assessment to see how all the scenarios rank against each other. Within a risk assessment, the analyst is also able to see a breakdown of reports based on assets, threats, effects, and forms of loss, providing another way to visualize the assessment results.
The risk assessment is additionally used for a more holistic understanding of a risk that may have multiple scenarios, such as big game ransomware. In order to fully understand the aggregate loss from a ransomware attack, an analyst may look at the outage aspect as well as the loss of data by completing a risk assessment.
The platform also lets the analyst conduct comparison assessments from a risk assessment. This feature becomes available once the scenarios and the risk assessment have been completed and all have been set to current. Through this feature, the analyst can compare the implementation of controls, take out controls to see whether they are imperative, and make other comparisons relevant and worthwhile to the organization. The analyst can also look at the cost of the control, or conduct a risk treatment analysis, to understand the estimated return on investment for the control implementation.
Risk Assessment Capabilities
Identify, rank top risks
Fast ad hoc reporting on a loss event
Aggregate loss exposure for multiple risk scenarios
Multi-scenario views of one complex risk
ROI of controls for risk reduction
Once a portfolio is created, topics can be associated with the portfolio. Once topics are created, they are assigned, or tagged, within a scenario, effectively adding that scenario to the associated topic report. Unlike risk assessments, which can only contain scenarios associated with the given group, a topic can contain scenarios from multiple groups within the RiskLens instance, enabling enterprise-level reporting. The topics can be reviewed and communicated on their own or with other topics within the associated portfolio.
All scenarios assigned to a given topic are aggregated to provide a singular, total risk value for the given category. Likewise, all topics are aggregated to provide a singular, total risk value for the portfolio. As a result, a single scenario can only be included in one topic per portfolio to avoid overestimating risk.
In addition to the aggregated value, the topic and portfolio reports contain a comparison of the associated scenarios and topics, respectively. The reports also contain a breakdown of concentrations of loss driving the risk and a highlight of the highest risk scenarios included within the topic or portfolio, based on per event and annualized loss exposure. Both reports also contain areas to add additional notes and remediation information.
Group risk scenarios by any topic
Value loss exposure by topic
Compare topics for loss exposure
Drill down on risk drivers by topic
Summary: Risk Assessments and Portfolios on the RiskLens Platform
Both features provide ways for an analyst to report on a group of scenarios to an organization in a quantitative manner. Risk assessments are likely best used primarily for comparison assessments to evaluate control investments, as well as for quick ad hoc and holistic risk analyses for specific incidents. Portfolios address comparing groups of scenarios against one another as well as enterprise-wide reporting, with the ability to understand the risk across all departments in the organization.