SBN

See Cyber Risk from Any Angle — RiskLens Risk Assessments and Portfolios

The RiskLens platform not only helps to display an organization’s risk in quantitative terms but contains features that make it easier to compare those risks to each other. These features are known as risk assessments and portfolios and the below information will further describe what each means, how they are utilized, and the benefits of using these features to report to executives and the board.

Risk Assessment

Rapid Risk Assessment, 10% Percentile Donut-1

Within the RiskLens platform, an analyst has the capability to see the overall (aggregate) risk exposure of a group of scenarios by using a risk assessment. This feature highlights the top risks as well as showcases the aggregate annualized loss exposure when looking at two or more scenarios.

Many organizations want to evaluate which assets are more at risk and can quickly do this by conducting rapid assessments and utilizing the top risk report within the risk assessment to see how all the scenarios rank against each other. Within a risk assessment, the analyst is also able to see a breakdown of reports based on assets, threats, effects, and forms of loss, providing another way to visualize the assessment results.

Watch a Webinar: Enterprise Top Risk Reporting with RiskLens

The risk assessment is additionally used for a more holistic understanding of a risk that may have multiple scenarios, such as big game ransomware. In order to fully understand the aggregate loss from a ransomware attack, an analyst may look at the outage aspect as well as the loss of data by completing a risk assessment.

The platform also has the capability for the analyst to conduct comparison assessments from a risk assessment. This feature is accessed and utilized upon the completion of scenarios and a risk assessment and once all have been set to current. Through this feature, the analyst can compare the implementation of controls, take out controls to see if they are imperative, and make other comparisons relevant and worthwhile to the organization. The analyst can also look at the cost of the control, or conduct a risk treatment analysis, to understand what the estimated return on investment is for the control implementation. 

Risk Assessment Capabilities

Identify, rank top risks
Fast ad hoc reporting on a loss event
Aggregate loss exposure for multiple risk scenarios
Multi-scenario views of one complex risk
ROI of controls for risk reduction 

Portfolios

RiskLens Portfolios - Board Report The portfolios feature within the RiskLens platform enables an analyst to define and compare groups of scenarios, known as topics, to each other.

Once a portfolio is created, topics can be associated with the portfolio. Upon the creation of topics, they are assigned, or tagged, within a scenario, effectively adding that scenario to the associated topic report. Unlike risk assessments, which can only contain scenarios associated with the given group, a topic can contain scenarios from multiple groups within the RiskLens instance, enabling enterprise level reporting. The topics can be reviewed and communicated on their own or with other topics within the associated portfolio.

Watch a webinar: CRQ Use Case Series: Portfolio Management — Reporting to the Board and Beyond

All scenarios assigned to a given topic are aggregated to provide a singular, total risk value for the given category. Likewise, all topics are aggregated to provide a singular, total risk value for the portfolio. As a result, a single scenario can only be included in one topic per portfolio to avoid overestimating risk.

In addition to the aggregated value, the topic and portfolio reports contain a comparison of the associated scenarios and topics, respectively. The reports also contain a breakdown of concentrations of loss driving the risk and a highlight of the highest risk scenarios included within the topic or portfolio, based on per event and annualized loss exposure. Both reports also contain areas to add additional notes and remediation information.

Portfolio Capabilities

Enterprise-level reporting

Group risk scenarios by any topic

Value loss exposure by topic

Compare topics for loss exposure

Drill down on risk drivers by topic

Speak to a RiskLens representative about the Portfolio Management Use Case for the RiskLens Platform

Summary: Risk Assessments and Portfolios on the RiskLens Platform 

Both features provide ways for an analyst to report on a group of scenarios to an organization in a quantitative manner. Risk assessments should likely be primarily utilized for comparison assessments to evaluate control investments as well as for quick ad hoc and holistic risk analyses for specific incidents. Portfolios will address comparing groups of scenarios against one another as well as enterprise-wide reporting with the ability to understand the risk across all departments in the organization.

Schedule a demo of the RiskLens platform.

*** This is a Security Bloggers Network syndicated blog from RiskLens Resources authored by Erin Macuga. Read the original post at: https://www.risklens.com/resource-center/blog/deep-dive-or-enterprise-wide-view-cyber-risk-from-any-angle-with-risklens-risk-assessments-and-risk-portfolios