As a Founding Advisory Partner to the FAIR Institute, Protiviti believes connecting with colleagues through forums such as FAIRCon is essential to the advancement and growth of the cyber risk quantification practice.
Our session, Factoring Risk in Decision Making, featured Protiviti’s Vince Dasta and FIS Global’s Matt Kruse, and explored real-life example on reporting cyber risk to the board. Connect with our team to discuss key takeaways here.
A major cybersecurity event can dissolve millions of dollars in assets and tarnish even the strongest company’s reputation. As cybersecurity concerns grow and evolve, companies need to be prepared for the inevitable cyber-attacks with strong defenses to identify breaches and minimize damage. But how does leadership know where to invest in cybersecurity? How much is at risk? What should be prioritized? The answer lies in Cyber Risk Quantification (CRQ).
Cyber risk quantification uses industry leading and highly vetted probabilistic models to more accurately describe the cyber security and technology-based risks facing an organization. Protiviti has been quantifying cyber risk since the beginning. Leveraging Subject Matter Experts (SME), such as business users, asset owners and key technical experts that may not have been previously included in cyber risk assessments; while taking data readily available to these SME’s, we are able to gather data more rapidly and make more accurate measurements for each factor within a given risk.
As a Founding Advisory Partner of the FAIR Institute, and a partner of RiskLens, the leading software as a service based on the FAIR model, the team at Protiviti is comprised of all levels from varying backgrounds, all specializing in quantifying risk. Typical engagements can range from a small scoped engagement, lasting a couple of days, all the way to a full program transformation and even maintenance.
Leveraging quantitative modeling empowers an organization to fully understand the risks they are faced with in business terms. This allows for budgetary justification, re-prioritization and full delivery and support at the highest levels. Implementing a Quantitative Risk Management Program doesn’t need to be a long, tedious or heavy obstacle before truly gaining useful results. Components of a program can be implemented at various stages to make the most impact for each organization. Common projects to accomplish before completing a program transformation are:
Protiviti’s Cyber Risk Quantification (CRQ) service, powered by the RiskLens CRQ software, delivers a continual, data-driven assessment of an organization’s current state of cyber risk.
This strategic sponsorship includes collaboration on thought leadership materials and sponsorship of FAIR’s annual Risk Management Maturity Benchmarking Study, its FAIR conference and various chapter events.