Cyber risk quantification on the RiskLens platform is now integrated into the ServiceNow Governance, Risk, and Compliance (GRC) Risk Management application and ServiceNow customers can download the RiskLens Assessment Integration in the ServiceNow Store.
With a one-button click from the GRC, ServiceNow Risk Register users can directly run RiskLens risk assessments, then export the results back to the register where risks can be prioritized and managed based on financial impact to the business.
With the synergy of a risk register and quantitative cyber risk analysis, clients can:
- Assess new entries to the Risk Register to understand risk and controls implications of introducing an application.
- Work through all the entries, potentially eliminating some because financial impact did not cross risk appetite levels.
- Prioritize among a large number of policy exception request reviews.
- Quickly respond to regulatory or board of director requests for risk reporting.
The RiskLens platform is built on Factor Analysis of Information Risk (FAIR™), the international standard for cyber risk quantification, recommended by the National Institute of Standards and Technology (NIST) in the NIST Cybersecurity Framework and NISTIR 8286, the new standard for Integrating Cybersecurity and Enterprise Risk Management. ServiceNow users can align their Risk Registers with the standard FAIR taxonomy to clarify communication on risk across risk management, security operations and the business.
Screenshot: Quantified risk results stored within the ServiceNow Risk Register
Users of the RiskLens platform leverage such advanced features as:
- Rapid Risk Assessments to quickly identify and prioritize the top risks by financial impact at an enterprise, line of business or business unit level
- Detailed Top Risk Assessments, an in-depth look at the drivers of identified top risks to enable strategic decision-making
- Risk Treatment Analysis to evaluate competing risk mitigation choices for their relative value in reducing risk in dollar terms and for return on investment (ROI).
The deepening partnership with ServiceNow is another facet of the expanding reach of FAIR and the RiskLens platform. Recently, IBM announced Risk Quantification Services centered on FAIR analysis and the RiskLens platform, joining the previously announced alliance with Protiviti.