Cyber Risk Quantification

Home > Solutions > Cyber Risk Quantification

CYBER RISK QUANTIFICATION AS A SERVICE

Plunge into the unknown or dip into the water?

LEARN MORE

It’s Not the Risks, But How You Own Them.

Use our roadmap of Cyber Risk Quantification (CRQ) Management services to master security decision making and speak in business terms

Flexibility

  • Ability to address a broad range of risk taxonomies
  • Tailored to your business and architecture
  • Analysis using our “as a service model”

Expertise

  • FAIR (Factor Analysis of Information Risk) certified consultants
  • Quantification platform – powered by RiskLens
  • “What if” investment analysis, plus board ready reporting on return on investment

Precision

  • Leverage your information regarding threats and vulnerabilities
  • Factor your business model into loss tables
  • Integrate with your GRC Risk Register (including RSA Archer) for Annual Loss Expectancy

Cyber Risk Quantification (CRQ) Services

FAIR Pilot and IT Risk Primer

$ 0 / month

    • Risk Identification
    • Impact and Probability Statistical Analysis
    • “Risk” in Financial Terms, With Program Recommendations

'What If' Investment Analysis

$ 0 / month

    • Current State Quantification
    • Layered Control Introduction
    • Potential Risk Reduction to Rationalize Costs

Return on Investment Analysis

$ 0 / month

    • Post-Implementation Measures
    • Comparative Residual Risk
    • Project and Control Effectiveness
    • Potential Improvements

Top Risk Analysis

$ 0 / month

    • Risk Register Cleanup
    • Risk Statement Normalization
    • Risk Ratings
    • Cyber Risk Quantification of Top Risks

Our Approach

Bronze Level Services

One-time FAIR analysis powered by TUV Rheinland OpenSky and RiskLens platform covering TOP 5 Risk Analysis across up to 6 of your asset classes.

Silver Level Services

One-time FAIR analysis powered by TUV Rheinland OpenSky and RiskLens platform covering TOP 10 Risk Analysis across up to 12 of your asset classes.

Gold Level Services

Annual FAIR analysis powered by TUV Rheinland OpenSky and RiskLens platform covering TOP 10 Risk Analysis across 12 of your asset classes.

Want to learn more about our Cyber Risk Quantification Services?

See white paper: Foundations for FAIR Risk Quantification Program

See our case studies.

GLOBAL HEALTHCARE COMPANY CAN NOW QUANTIFY ITS CYBER RISK TO STRATEGIZE INVESTMENT ON RISK TREATMENT

Healthcare

GLOBAL HEALTHCARE COMPANY CAN NOW QUANTIFY ITS CYBER RISK TO STRATEGIZE INVESTMENT ON RISK TREATMENT

Read The Story
REGIONAL HEALTHCARE COMPANY CAN NOW QUANTIFY VENDOR RISK TO THE ORGANIZATION

Healthcare

REGIONAL HEALTHCARE COMPANY CAN NOW QUANTIFY VENDOR RISK TO THE ORGANIZATION

Read The Story

Why Do Clients Choose us for CRQ Services?

  • As GRC Experts, we understand how to integrate data inputs and results across your GRC risks, remediation plans and residual risk reports.
  • We know how to clean up risk registers that are full of the wrong kinds of risks, need normalized language, tie to your risk taxonomy and hierarchy and are grouped to keep the risk program manageable.
  • Our risk program approach is based on the ISO 31000 standard and we have the risk stakeholder interview guidelines to gain better visibility and identify the scenarios that are appropriate to quantify.
  • We sharpen FAIR probability analysis with Threat Integration. We have developed a way to convert risk scenarios into security analytics and the resultant threat insight back into FAIR’s “Threat Contact Frequency”.
  • We sharpen FAIR probability analysis with Vulnerabilities. We have the services that create output meaningful to FAIR’s view of vulnerabilities including Threat Modeling.

Timing is Everything in Risk Management.

Uncover your enterprise cyber risks, identify those to be quantified and then leverage us to analyze like a FAIR “Risk Master.”

We’d like to help you. Speak to a specialist today.

We’d like to help you. Speak to a specialist today.

Contact us

Before you leave…
want to sign up for our newsletter?