New - Cyber Risk Quantification

CRQ quick start

Cyber Risk Quantification on CISO Assistant

This tutorial guides you through performing Cyber Risk Quantification using the CISO Assistant

Go to your instance

1. Introduction

You will learn how to create and configure risk studies, define scenarios with associated assets and threats, apply treatments, run simulations, and analyze results to make informed cybersecurity decisions. Before starting, ensure you have access to the CISO Assistant platform and necessary permissions to create and edit risk studies.

Introduction

2. Click "Risk"

Click "Risk" to access the risk management section where you can start your cyber risk quantification process.

Click 'Risk'

3. Click "CRQ studies"

Click "CRQ studies" to view and manage your Cyber Risk Quantification studies.

Click 'CRQ studies'

4. Click here

Click here to create a new study for your risk analysis.

Click here

5. Fill the required fields of the study

Fill "a study" to name your new study, which helps identify it later.

Fill the required fields of the study

6. Choose a domain

Click "DEMO" to select the demo environment or dataset for your study.

Choose a domain

7. Click "Save"

Click "Save" to store your new study configuration.

Click 'Save'

8. Click "Add scenario"

Click "Add scenario" to define a new risk scenario within your study.

Click 'Add scenario'

9. Create your first scenario

Fill "first scenario" to name your initial risk scenario for clarity and tracking.

Create your first scenario

10. You can select an asset now or do it later

Click "DEMO/Ecommerce portal Primary" to assign the primary ecommerce portal asset to your scenario.

You can select an asset now or do it later

11. You can select a threat now or do it later

Click "DEMO/Ransomware" to specify ransomware as the threat type for this scenario.

You can select a threat now or do it later

12. Click "Save"

Click "Save" to save your scenario settings.

Click 'Save'

13. Click here

Click here to move to the next configuration section.

Click here

14. Select the existing controls that serve as a baseline

Click "Treatment" to define the risk treatment options for your scenario.

Select the existing controls that serve as a baseline

15. Click "Simulation Parameters"

Click "Simulation Parameters" to set parameters for your risk simulation.

Click 'Simulation Parameters'

16. Fill the probability of the current baseline

Fill "0.40" to set the probability or impact factor for the simulation.

Fill the probability of the current baseline

17. Setup your lower bound (best case scenario)

Click here to proceed to the next parameter.

Setup your lower bound (best case scenario)

18. and your upper bound (worst case scenario)

Fill "100000" to set the worst-case loss estimate for the scenario.

and your upper bound (worst case scenario)

19. Click "Save"

Click "Save" to apply your simulation parameters.

Click 'Save'

20. Click on the hypothesis and then Click "Run simulation"

Click "Run simulation" to start the risk quantification process based on your inputs.

Click on the hypothesis and then Click 'Run simulation'

21. You'll notice that your LEC chart has been generated as well as multiple risk insights

You can hove over the chart for a fine grained review

22. Click here to go back to the scenario

Click "first scenario" to select the scenario for which you want to view simulation results.

Click here to go back to the scenario

23. Let's create a new hypothesis

Click "New hypothesis" to create a what-if analysis for alternative risk treatments.

Let's create a new hypothesis

24. Click "Treatment"

Click "Treatment" to assign treatments to your new hypothesis.

Click 'Treatment'

25. and pick one of the controls you want to implement

Click "DEMO/Deploy EDR solution" to select the deployment of an Endpoint Detection and Response solution as a treatment.

and pick one of the controls you want to implement

26. Click "Simulation Parameters"

Click "Simulation Parameters" to adjust parameters for the hypothesis simulation.

Click 'Simulation Parameters'

27. update the simulation parameters of this hypothesis

based on your estimate of risk reduction with this treatment plan

update the simulation parameters of this hypothesis

28. Update the probability and/or the UB/LB

Fill "0.2" to set the updated probability or impact factor for the hypothesis.

Update the probability and/or the UB/LB

29. Click "Save"

Click "Save" to store your hypothesis simulation parameters.

Click 'Save'

30. Click "Run simulation"

Click "Run simulation" to execute the what-if analysis and compare results.

Click 'Run simulation'

31. Let's go back to the scenario to compare the two hypotheses

Click "first scenario" to return to the main scenario view.

Let's go back to the scenario to compare the two hypotheses

32. What if the ROSI is not calculated?

Click your control to jump to its details.

What if the ROSI is not calculated?

33. Click "Edit"

Click "Edit" to modify treatment or scenario settings as needed.

Click 'Edit'

34. Click "Cost"

Click "Cost" to enter the financial impact or cost associated with the treatment.

Click 'Cost'

35. Describe the Build and Run cost structure

Click here to open the cost input field.

Describe the Build and Run cost structure

36. Click "Save"

Click "Save" to apply your cost settings.

Click 'Save'

37. The ROSI will get refreshed when you access the scenario again

Accessing a residual hypothesis details section will show you the calculation of ROSI

38. What if I want a summary of all my scenarios and a portfolio overview

Click "Executive Summary" to view a high-level overview of your risk quantification results.

What if I want a summary of all my scenarios and a portfolio overview

39. You can go "Back to Study" anytime to refine the scenarios and hypotheses

Click "Back to Study" to return to detailed study configuration.

You can go 'Back to Study' anytime to refine the scenarios and hypotheses

40. What if I want to set a loss threshold

Click "Edit" to make further changes to your study settings.

What if I want to set a loss threshold

41. Click "Tolerance settings"

Click "Tolerance settings" to adjust risk tolerance thresholds for your analysis.

Click 'Tolerance settings'

42. Click here

Click here to open tolerance input fields.

Click here

43. Click "Save"

Click "Save" to confirm your tolerance settings.

Click 'Save'

44. Tip: click "Retrigger All Simulations" to refresh all simulations and insights

Click "Retrigger All Simulations" to rerun simulations with updated parameters and settings.

Tip: click 'Retrigger All Simulations' to refresh all simulations and insights

45. Don't forget to use this to go to the parent object

From a hypothesis to its parent scenario, or from a scenario to its parent study

Don't forget to use this to go to the parent object

You have successfully completed a Cyber Risk Quantification study using the CISO Assistant. By defining scenarios, assigning assets and threats, configuring treatments, and running simulations, you can now analyze potential risks and their financial impacts. To verify success, review the Executive Summary and ensure simulations reflect your updated parameters. Next, consider exploring advanced hypothesis testing or adjusting tolerance settings to refine your risk management strategy.

Powered by guidde