Cyber risk management solutions provider RiskLens on Thursday announced a new capability designed to help organizations improve investment and budget decisions.
The new capability, RiskLens Risk Treatment Analysis, enables cybersecurity and risk teams to assess and compare the impact — in financial terms — of decisions related to investment, controls and other treatment options. It helps organizations identify the best options for reducing costs and minimizing risks.
When organizations use the new Risk Treatment Analysis tool, they are presented with three options, each showing how much the average risk is reduced and the associated increase in cost. One treatment option focuses on maximally reducing loss exposure, while another option covers cost-effective risk reduction (i.e. the highest level of loss exposure reduction for every dollar spent). The final option is for the least expensive path to getting under a specified risk threshold.
RiskLens says that while by default it highlights the option for maximally reducing risk, it’s not naming this the recommended treatment option, due to the fact that “there is usually a lot of surrounding context around any decision that would only be known to the decision owner and not considered within the platform.”
RiskLens is the creator of FAIR (Factor Analysis of Information Risk), an international standard for quantifying cyber risk. The company says the new capability leverages the best practices and experiences of over 6,000 FAIR members, which include over 30 percent of the Fortune 1000 companies.
RiskLens told SecurityWeek that the new capability is available immediately and at no extra cost to customers with Operational Decision Support and Strategic Decision Support subscription packages. RiskLens Risk Treatment Analysis is expected to become generally available on October 9.
RiskLens announced the Risk Treatment Analysis capability after it recently launched Rapid Risk Assessment, which enables customers to quickly determine their loss exposure in financial values.Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.