“Okay, I’m ready to start with RiskLens, what happens now?”
Welcome aboard! In six steps, we will set up your FAIR™ quantitative risk program and show its value to your organization. All in about 60 days.
Step 1 – FAIR and RiskLens platform training (1-2 weeks)
We will start with basic training on FAIR (Factor Analysis of Information Risk) and the RiskLens platform. You will work with our FAIR experts to learn the FAIR model and how to perform quantitative risk analyses. At the same time, we will teach you and your team how to use the RiskLens platform and scale it across your organization. This is usually a one- to two-week process.
Step 2 – Platform integration (1 week)
After you have learned the basics of FAIR and RiskLens, we'll start setting up your platform instance with industry data that you will use for your risk analyses from now on. This takes about a week.
Step 3 – Assessment of the main risks (1 to 2 weeks)
Once you have been trained and your instance of RiskLens has been configured with data for your industry, it is time to conduct your first analysis on your main risk scenarios. Our team will teach you and work with you to identify the most important risk scenarios that will impact your strategy going forward. This takes one to two weeks.
Milestone: One month after your start date, you already know your main risks in financial terms.
Step 4 – Cost-benefit assessment (1 week)
Once we've established your top risks, we'll cover what to do about them with a cost-benefit assessment. This process takes about one additional week, as we review 3-5 different cybersecurity initiatives and determine their impact in financial terms.
Step 5 – Executive Report (1 week)
As week seven approaches, we will produce a report for your business leaders to highlight key risks and outline a range of different initiatives to mitigate or address these scenarios. These stakeholders will be empowered (through the financial perspective you provide) to make informed decisions about which cyber risks to accept, mitigate, or otherwise act upon.
Congratulations! In two months or less, you will have:
- Trained on FAIR and the RiskLens platform
- Developed custom data libraries
- Identified your main risk scenarios
- Analyzed several cybersecurity initiatives, and
- Presented your findings to management.
From then on, our team will help you refine your existing processes, provide further assistance when needed, and help you succeed with your new FAIR-based, RiskLens-focused quantitative cyber risk program.
*** This is a syndicated blog from the Security Bloggers Network of RiskLens Resources written by Samuel Carpenter. Read the original post at: https://www.risklens.com/resource-center/blog/6-steps-in-60-days-to-fair-quantitative-risk-management-with-risklens