Building an Effective Cyber Risk Program: How to Tie Cyber RiskManagement Initiatives to Risk Reduction

How to prioritize cyber risk mitigation initiatives

How do you prioritize your next cyber security project? How can you support that decision with empirical data? With a never-ending backlog of projects and tasks it can be difficult to know what’s the best use of your time and budget. X-Analytics highlights the greatest sources of cyber risk, explains how threats can result in business impacts, and suggests the most effective controls to reduce cyber exposure. This information makes next steps clear and provides powerful justifications for where you should spend your next dollar for cyber risk mitigation.

You can visualize the riskscenarios presenting the greatest exposures using the X-Analytics Risk ScenarioGrid, shown below.

X-Analytics Risk Scenario Grid: Start byUnderstanding Where Your Exposures Lie

The X-Analytics Risk Scenario Grid provides a high-level overview of scored, color-coded cyber risks, rating them from low to high. The darker the red and the higher the number the higher the risk. You can drill down into each score by clicking on the cell. The y-axis of the grid lists the types of Asset Groups that are vulnerable in the network:Server/Apps, Network, End User Systems, Terminal, ICS/SCADA, HealthcareDevices, Onboard Systems, Critical IoT, Non-Critical IOT, Media & OfflineData, and People. All assets are inventoried and tracked in X-Analytics. When onboarding, you complete a Cyber Risk Profile that identifies the asset categories in your digital estate. The data shown in the grid applies specifically to your environment.

The x-axis of the grid names the possibleThreat Categories or avenues of attack: WebApp Attack, PoS Intrusion, Misuse,Error, Theft/Loss, Crimeware, Skimmers, Cyber Espionage, DoS Attack, and EverythingElse (which is mostly phishing). The data for these threats is collected over 100 publicly accessible data sources, as X-Analytics continuously updates its analytics to reflect the rapidly evolving cyber threat environment. This includes dynamic variables such as cyber threats, financial impacts, and incident probabilities.

CyberRisk Details: Identifying Opportunities for Risk Reduction

Simply click on a cell inthe grid to open a new window with Cyber Risk Details about the threat, assetprotection, and cyber risk mitigation strategies. The example below shows details for Server/Apps that have been compromised through a WebApp attack. TheCyber Risk Details window is shown below.

Summary

The X-Analytics Risk Scenario Grid makes it easy to identify your top risk scenarios and the corresponding controls that can help you reduce cyber exposure. By compiling all of the possible cyber risks in one place and providing actionable risk mitigation guidance, you can build an effective strategy to continuously reduce cyber exposures as your business evolves in the dynamic cyber threat landscape.