Recently, two clients challenged us to rethink the RiskLens cyber risk analysis process. RiskLens clients run risk scenario analyses in two modes on the platform:
Both approaches apply FAIR™, the international standard for cyber risk quantification, and leverage the platform’s Data Helpers to store data for repeated use in answering risk analysis workshop questions.
Taylor Maze is a Senior Risk Consultant and Tyler Britton is a Risk Consultant for RiskLens
But detailed analysis typically requires more time, mostly in data gathering: scheduling meetings with subject matter experts from the security and business operations to lock down estimates for every input to analysis –for instance on controls effectiveness based on a thorough walk-through of the attack chain. It’s highly targeted to the scenario and ultimately highly defensible.
Here’s where our clients challenged us. With distributed teams and the pace of decision-making growing ever faster, they needed to conduct a lot of detailed analyses over a short period of time. “Why can’t we have the best of both rapid and detailed?” they asked.
Introducing Pattern-based Thinking to Cyber Risk Analytics
In effect, they were asking us to build a new, repeatable, scalable process for Detailed Analysis. So, we took a fresh look at our risk analysis processes through the lens of “pattern-based thinking”.
It occurred to us that we often analyze similar scenarios over and over. A phishing or web attack analysis would require similar discussions on controls or reputation damage. Instead of starting over from the drawing board with data collection and analytical work, we could try to capture those patterns in Data Helpers. The end result: We could do a lot more data selection and a lot less data collection.
This new approach includes two features captured in Data Helpers
Two Use Cases - Faster Detailed Risk Quantification Analysis in Action
Our two clients put the new capabilities of the RiskLens platform into action.
Both clients will expand and sharpen the focus of their Data Helpers over time as they do more analyses. It’s important to note that updating a Data Helper also updates all the other analyses it feeds, improving the entire workflow. The end result: a risk-based program that’s both efficient, adaptable and rigorous.
Find out how pattern-based thinking, cyber risk quantification and the RiskLens platform can power your risk management – contact us.