Cyber Risk Quantification as a Service allows TUV Rheinland OpenSky to provide enterprise-level FAIR analysis on the risks that clients face during their digital transformation journey. New technology, new business-to-business ecosystems, growing privacy concerns and varying threats create numerous potential loss scenarios. TUV Rheinland OpenSky can help clients identify and analyze those risks using information from assessments, scans and testing using frameworks such as ISO 31000 and NIST 800-30. They can also identify key controls that reduce most of the risk across common loss scenarios.
From there, new questions arise: What is an appropriate amount to spend to treat this risk? What should our cyber insurance cover? How much of my budget should be apportioned to an initiative?
Heat maps with red, yellow and green results do not answer those questions. This service offering does. TUV Rheinland OpenSky’s FAIR-certified consultants will provide annualized loss expectancy to answer those questions and others using information from your experts and other market information. They can even tie in information from their clients’ GRC data and integrate quantification of risks into GRC-based risk registers. CSOs in programs that have tied in FAIR acknowledge that management decision support in security simply did not exist like it does now.
According to Anish Srivastava, CEO and President of TUV Rheinland OpenSky, “The RiskLens platform is a crucial component of security management decision support. Our clients are not only challenged with reporting up to the board, but also making the security case to the investment committee, rationalizing their security portfolios, and rightsizing remediation plans. The FAIR methodology, with true data integration, is timed well in a climate where compliant organizations continue to be compromised by a broad category of losses. We offer our clients services and solutions that empower them in determining the allocation of precious resources.”
According to Nicola (Nick) Sanna, CEO of RiskLens, “TUV Rheinland OpenSky is a strategic advisory, consulting and integration services partner assisting large enterprises in building GRC and risk management programs based around the FAIR standard and now through the use of the RiskLens software platform. RiskLens global reach and proliferation into operational technology (OT) and Internet of Things (IoT) manufacturers through TUV Rheinland OpenSky’s trusted brand and risk assessments as a service will be powered by RiskLens’ risk analysis capabilities.”
Christine Lagarde, Managing Director of the International Monetary Fund (IMF), recently identified cyber risk not only as a top risk but also as a “significant threat” to the financial system. That’s why cyber risk quantification has emerged as a risk management necessity. Gartner recently spotlighted cyber risk quantification and endorsed the FAIR-style approach in its “Integrated Risk Management” Magic Quadrant.
Integrated Risk Management is the natural evolution of Governance, Risk and Compliance (GRC) programs and technology. RiskLens offers the industry’s most powerful and actionable decision-support platform for cybersecurity and risk management teams that is able to assess the financial impact of cybersecurity events. The RiskLens platform arms risk management programs with a robust model for measuring risk in actual dollar, damage, and ratio implications. With this quantitative analysis, organizations can deliver reports to key stakeholders in a business language, prioritize security remediation activities, evaluate ROI of cybersecurity initiatives and optimize security budgets.
TÜV Rheinland is a world-leading independent testing service provider with 145 years of tradition. More than 20,000 people work for the group around the globe. They generate annual revenue of just under 2 billion euros. The independent experts stand for quality and safety of people, technology and the environment in nearly all areas of business and life. TÜV Rheinland tests technical installations, products and services, and supports projects, processes and information security for companies. Its experts train people in numerous professions and industries. To this end, TÜV Rheinland has a global network of recognized laboratories, testing facilities and training centers. Since 2006, TÜV Rheinland has been a member of the United Nations Global Compact for greater sustainability and against corruption. Website: www.tuv.com
TÜV Rheinland
Am Grauen Stein
51105 Köln
Phone: +49 (221) 806-2148
http://www.tuv.com
Press Officer, Information Security
Phone: +49 (221) 806-3060
Fax: +49 (221) 806-3093
Email: Norman.Huebner@de.tuv.com