Successful CISOs communicate cyber and technology risk to the business in non-technical terms – it’s why we built the RiskLens platform for cyber risk quantification. Now we’re taking the next step in aligning cyber risk management with the business while making risk reporting faster and easier: Portfolios, highly flexible, automated reporting with dashboards customizable to the information needs of the board and executive leadership.
With Portfolios, you have the freedom to create your own risk reporting categories based on what matters most to your organization. You might choose to show the cyber risk associated with...
- Business units
- Revenue streams
- Strategic initiatives
- Crown jewel assets
- Ransomware or any other attack vector
…as well as aggregated risk reporting suitable for the full board, the risk committee or senior leadership. A view across business units, for example, would enable comparison of units by risk vs. revenue, as a guide to targeting security investment at the enterprise level.
Author Taylor Maze is a Product Manager for RiskLens.
Reporting by business unit on the RiskLens platform
Portfolios Are Built on Risk Scenarios
The building blocks of Portfolio reporting are the risk scenarios you create for any risk analysis on the RiskLens platform to quantify the probable frequency and financial impact of a cyber event. In a Portfolio, users create Topics and tag them to groups of scenarios; a Topic might group scenarios related to a form of loss (Confidentiality, Integrity, Availability) or type of event (critical systems outage). You can tag a scenario for as many Topics as you want. Your choice of Topics is flexible: a Portfolio might cover Topics for a specific business unit or a general category such as a quarterly report for the board.
Reporting also reveals detail on the quantified value of risk, breaking it out into forms of loss, based on the scenarios included in the Topics in the Portfolio. (This might be of particular use in purchasing cyber insurance.)
Also show the top five risk scenarios for loss exposure from across the Topics in the Portfolio (a good guide to where to invest in mitigations for maximum risk reduction).
Automated and Dynamic Cyber Risk Reporting
A key point: Portfolios enable dynamically updated reporting across the enterprise. As RiskLens updates the data inputs for scenarios with fresh industry data on loss exposure or the organization’s analysts input corporate-specific data, all the Topics and Portfolios update as well for each time you hit the Portfolios run button, providing the business unit, for instance, with a refreshed view of risk but also the CRO looking across all the business units through another, higher level Portfolio.
Portfolios is available to RiskLens customers starting today – existing customers will have a limited-time trial of Portfolios before they choose to add on this new feature.
Learn what Portfolio reporting can do for you in our webinar, March 30 at 2:00 PM ET. Register now.