The RiskLens platform automates cyber and technology risk analysis and risk assessment based on Factor Analysis of Information Risk (FAIR™), the standard for risk quantification.
What does a FAIR risk assessment example look like? Here’s a quick look at the process and the outcomes.
FAIR analysis breaks down risk into factors that can be quantified (in counts, percentages or dollar figures) to estimate the probable frequency and probable magnitude of loss. From that we can generate a range of probable outcomes in financial terms to understand our loss exposure.
But before we can start filling in the factors with numbers, we need to clarify or “scope” a loss event we want to analyze.
FAIR Risk Example Scenario:
“Analyze the risk associated with a privileged insider intentionally disclosing the information contained in our customer relationship management database.”
(The guided workshop on the RiskLens platform ensures that you start with a well-formed risk scenario.)
Learn more: How to Scope a Risk Analysis Using FAIR
Where in-house subject matter experts can’t supply hard estimates, RiskLens can step in with plug and play data collected from industry sources and curated by our Data Science team, greatly simplifying the data collection phase.
Learn more about collecting frequency and magnitude data.
Tip: Think you don’t have enough data? FAIR techniques help you maximize the value of your data at any level. Learn more: Quantitative Risk Analysis: You Have More Data Than You Think.
Some reporting capabilities of the RiskLens platform:
Rapid Risk Assessment
Quickly assess many risk scenarios around a common theme (e.g., insider threats), an asset (crown jewel database), a business unit or the entire enterprise, and prioritize them for their probable loss exposure in dollars.
Guide to Using Rapid Risk Assessment on the RiskLens Platform
Detailed Top Risk Analysis
Run an in-depth Top Risk Assessment on each of the most urgent scenarios identified by Rapid Risk Assessment. This is an opportunity to gather data more intensively from subject matter experts, including the relevant history of cyber incidents, the probable threat actors, the costs associated with incident response or secondary effects such as lawsuits, and the controls in place.
How to Conduct a Detailed Analysis of a Top Risk on the RiskLens Platform
Aggregated Risk Assessment
Aggregate multiple scenarios into risk assessments for deep insights into the loss exposure of the organization, for instance by type of threat actor or asset.
The RiskLens platform outputs reports that are easy to follow for upper management or non-technical stakeholders, because they’re in the financial language of business – loss exposure in dollar values.
Here are some FAIR risk assessment example reports:
Phishing Risk
Top Risks
Risk by Asset
Export RiskLens Reports for Easy Presentation of Cyber Risk Assessments
Through APIs, reports from the RiskLens platform can be exported to a GRC or dashboard application such as Tableau. The platform also exports to native PowerPoint presentations. Here’s an example of a PPT export:
Based on RiskLens FAIR analysis, organizations get a clear directional picture of their top risks to prioritize mitigations. Through the Risk Treatment Analysis capability of the RiskLens platform, they gain an extra level of decision support: comparing alternative risk treatment options by how much each reduces risk from the current state, in financial terms. FAIR analysis can assess the return on investment of adding new controls or security processes or enhancing existing ones, and show whether existing controls justify their cost.
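The frequency-and-magnitude analysis and the treatment comparison described above, as an added Python example that is not RiskLens code or platform output. The estimate ranges, the control and its cost are constructed for the insider-disclosure scenario, and the triangular distributions and event-count rounding are assumptions chosen for illustration.

```python
import random
import statistics

def simulate_annual_losses(freq, mag, trials=20000, seed=7):
    """Simulate one year per trial; freq and mag are (min, most_likely, max)."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        # Draw this year's event rate, then turn it into a whole event count:
        # the fractional part is the chance of one more event (assumption).
        rate = rng.triangular(freq[0], freq[2], freq[1])
        events = int(rate) + (1 if rng.random() < rate - int(rate) else 0)
        # Each loss event gets its own magnitude in dollars.
        losses.append(sum(rng.triangular(mag[0], mag[2], mag[1])
                          for _ in range(events)))
    return sorted(losses)

def summarize(losses):
    """Average annual loss plus 10th/50th/90th percentile outcomes."""
    ordered = sorted(losses)
    def pct(p):
        return ordered[min(len(ordered) - 1, int(p * len(ordered)))]
    return {"mean": statistics.fmean(ordered),
            "p10": pct(0.10), "p50": pct(0.50), "p90": pct(0.90)}

def treatment_roi(current, treated, annual_cost):
    """(reduction in average annual loss - control cost) / control cost."""
    reduction = statistics.fmean(current) - statistics.fmean(treated)
    return (reduction - annual_cost) / annual_cost

# Constructed estimates for the insider-disclosure scenario (not real data).
MAGNITUDE = (50_000, 400_000, 3_000_000)   # dollars per loss event
CURRENT_FREQ = (0.05, 0.2, 0.5)            # loss events per year today
TREATED_FREQ = (0.02, 0.1, 0.25)           # with a hypothetical added control
CONTROL_COST = 40_000                      # hypothetical annual cost

if __name__ == "__main__":
    current = simulate_annual_losses(CURRENT_FREQ, MAGNITUDE)
    treated = simulate_annual_losses(TREATED_FREQ, MAGNITUDE)
    for label, run in (("current", current), ("treated", treated)):
        print(label, {k: round(v) for k, v in summarize(run).items()})
    print("ROI of control:", round(treatment_roi(current, treated, CONTROL_COST), 2))
```

Because most simulated years contain no loss event at these frequencies, the median is zero while the 90th percentile and the mean carry the exposure, which is why a range of outcomes says more than a single number.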
Get a detailed picture of how FAIR risk assessment guided informed decision-making for these RiskLens clients:
Finance Company Assesses Risk of Data Breach from Shared Storage
Operational Risk from Outage of a Manufacturer's Order Fulfillment System
Evaluating ROI of Data Loss Prevention Controls
For a demo of FAIR risk assessment on the RiskLens quantitative risk analysis platform - Contact Us