Here’s a look at some (but not all) of the key types of analysis reporting produced by the RiskLens platform.
Annualized Loss Exposure and Loss Exceedance Curve
Value for decision support: Shows a range of probable loss exposure at a high level and a granular level so decision-makers can exactly calibrate to their level of risk acceptance.
The details:
The RiskLens platform performs 50,000 Monte Carlo simulations to calculate the Annualized Loss Exposure (ALE), in financial terms, of the scoped risk scenario/s. Once the scenario has completed running, the analyst will immediately see two different charts. The first chart displays the ALE range of values highlighting the amount of loss exposure an organization has in a given year as it relates to the specified scenario. Beneath that range is a Loss Exceedance Curve that expresses the probability of a particular amount of loss materializing.
As mentioned above, the RiskLens platform provides a range of loss exposure that an organization could experience if the scenario being analyzed were to occur. Within this range are multiple metrics that could be used by the analyst to convey the results to their organization’s leadership or board.
Related: Do I Have to Be a Math Nerd to Do FAIR Analysis?
Below is a brief description of each:
Train your organization on FAIR, the international standard for cyber risk quantification – check out the courses at the RiskLens Academy.
Aggregated Risk Assessment
Value for decision support: Gain a strategic view of the broader elements of cyber risk to answer questions such as “What is our probable loss exposure from insiders?” “What is the risk across our databases that hold customer PII?”
The details:
Within the RiskLens platform, the analyst has the option to complete a risk assessment to evaluate multiple scenarios by visually seeing the aggregate of those scenarios together. This assessment contains multiple additional and granular reporting options, including the aggregate ALE and Loss Exceedence Curve, that can be extremely beneficial in presenting the aggregate ALE results and scenarios to the organization’s leadership and board.
Top Risks Report
Value for decision support: Quickly see a list of risks ranked by probable loss exposure for a business unit or enterprise to prioritize remediation projects.
The details:
A feature within the risk assessment enables the analyst to compare multiple analyses to each other. The Top Risk Report is interactive and assists the analyst in determining which scenario/s should be prioritized and promptly addressed within the organization. This report has three separate charts with each one expressing a different way to rank risks, to help craft communication to leadership.
These three charts are:
With this prioritization ability, the entire organization or a specific line of business can rapidly determine if a particular scenario requires an in-depth analysis leading to a targeted remediation plan. These charts also bring to the forefront the scenario/s that needs to be addressed first whether by implementing a specific control or upgrading to a newer software version.
Risk Treatment Analysis
Value for decisions support: Compare alternative remediation approaches for amount of risk reduction in dollars; run cost-benefit analyses on those alternatives.
The details:
Another reporting option, once a risk assessment has been completed, is to conduct a comparison assessment by looking at the implementation of various controls and how they would reduce the organization’s risk exposure. If there are multiple controls that an organization is considering but they are not sure which control provides the most protection to reduce their risk, this feature enables the analyst to compare the controls to each other. When evaluating the controls, the analyst can also conduct a cost benefit analysis which allows for the addition of costs to enable a visual of the most cost effective control being considered. Within the platform these two features are combined as one capability with a results output that enables the visualization of which control is the most cost effective and which control implementation will result in a risk reduction.
Summary:
The reporting options within the RiskLens platform can be utilized to report to an organization’s leadership to help them put the risk being faced by the organization into the business context. The reporting also enables the analyst to ascertain an understanding of what scenarios are a top priority for mitigation or upgrading, which scenarios pose the most risk to the organization, and which controls are cost effective and reduce the organization’s risk exposure. RiskLens offers a suite of solutions, including Rapid Rapid Risk Assessment, Cost Reduction and Budget Planning, Risk Treatment Analysis and more, and we continue to invest in developing our platform and services to continue make it it faster and easier to translate risk analysis and insights into action and business value.