A 360° view of cybersecurity
In the same way as for operational and financial risks, senior managers need to understand the impact of cyber risks on their organisation so that they can make informed decisions on how to deal with and control them in real time. That's what our platform offers today. In addition to our innovative, automated ‘bottom-up’ template for mapping cyber risks, we are adding a new ‘top-down’ function for the financial quantification of strategic risks. By creating the first platform to enable the two models to converge, we are providing managers with a real, objective view and more effective indicators to help them define their cyber strategies with greater precision. We start from what already exists, from qualifying risks, which we believe to be essential, to ultimately quantifying them and thus obtaining end-to-end analysis and control.
This new approach provides a clear picture of the level of security (rate of application of controls), a comprehensive, cross-functional view of all the risks facing the organisation, and a more detailed understanding of how to address them. Aggregating all the risks, the controls and the progress made on the risk treatment plans gives senior managers a 360° view of their cybersecurity.
Decision aid and risk-based governance
Each security control, quantified in terms of internal costs and burdens, automatically contributes to risk reduction, with a diagram for instant understanding of the result obtained. This makes it easy for managers to choose the most effective controls to cover the risks. Thanks to the controls and action plan aggregated in our 360° Vision, the platform delivers risk coverage, investment cost and reduction in probable financial losses for the risk in the form of graphs: this allows you to visualise the situation after treatment, and to control the total amount to be invested to move from the current situation to a more acceptable one in terms of cyber risks and estimated financial losses (risk appetite). It is an optimal decision aid and risk governance tool that finally speaks a language that can be understood by executive committees.
By coupling this intelligent decision aid system with the FAIR™ (Factor Analysis of Information Risk) method, we move into a dimension of financialisation (average valuation of probable losses) where it is possible to choose the most relevant controls in terms of the costs and investments they require and the risk reduction they provide. The aim is to model the data scientifically, using an approach that is both statistical and methodical, and, therefore, repeatable and auditable.
Once the list of controls has been drawn up, differentiating between those which have already been applied, those which are still pending and those which have been defined as essential, the process stage begins. Users are empowered in their roles. Each one becomes an active player in the company’s global protective approach.
The FAIR™ risk quantification method also adds another layer to the international dimension of risk management. It enables CISOs and cybersecurity directors to reinforce their 360° Vision by incorporating economic and geopolitical information about the environment or associated environments. This information is processed and matched to its potential impact in cyberspace. Decisions can be taken more easily and the actions to take clearly identified. These elements, shared throughout the organisation, make it possible to anticipate risks and safeguard the group’s other international subsidiaries.
Valuing people
The platform highlights how employees are already addressing the company’s risks through their own concrete actions. It’s a rewarding approach that brings people together and encourages them to support the company’s cyber strategy. By highlighting what has been achieved and what remains to be done, we present a pragmatic cyber approach with a clear vision of the future. Collaborative tools for quantifying risk are also designed to empower people and enhance their role in the cyber value chain.