New - Cyber Risk Quantification
CRQ quick start
This tutorial guides you through performing Cyber Risk Quantification (CRQ) using CISO Assistant.
Go to your instance
1. Introduction
You will learn how to create and configure risk studies, define scenarios with associated assets and threats, apply treatments, run simulations, and analyze results to make informed cybersecurity decisions. Before starting, ensure you have access to the CISO Assistant platform and necessary permissions to create and edit risk studies.

2. Click "Risk"
Click "Risk" to access the risk management section where you can start your cyber risk quantification process.

3. Click "CRQ studies"
Click "CRQ studies" to view and manage your Cyber Risk Quantification studies.

4. Click here
Click here to create a new study for your risk analysis.

5. Fill the required fields of the study
Enter "a study" as the name of your new study, which helps identify it later.

6. Choose a domain
Click "DEMO" to select the demo environment or dataset for your study.

7. Click "Save"
Click "Save" to store your new study configuration.

8. Click "Add scenario"
Click "Add scenario" to define a new risk scenario within your study.

9. Create your first scenario
Enter "first scenario" as the name of your initial risk scenario for clarity and tracking.

10. You can select an asset now or do it later
Click "DEMO/Ecommerce portal Primary" to assign the primary ecommerce portal asset to your scenario.

11. You can select a threat now or do it later
Click "DEMO/Ransomware" to specify ransomware as the threat type for this scenario.

12. Click "Save"
Click "Save" to save your scenario settings.

13. Click here
Click here to move to the next configuration section.

14. Select the existing controls that serve as a baseline
Click "Treatment" to define the risk treatment options for your scenario.

15. Click "Simulation Parameters"
Click "Simulation Parameters" to set parameters for your risk simulation.

16. Fill the probability of the current baseline
Enter "0.40" to set the probability or impact factor for the simulation.

17. Set up your lower bound (best case scenario)
Click here to proceed to the next parameter.

18. Set up your upper bound (worst case scenario)
Enter "100000" to set the worst-case loss estimate for the scenario.

19. Click "Save"
Click "Save" to apply your simulation parameters.

20. Click on the hypothesis and then click "Run simulation"
Click "Run simulation" to start the risk quantification process based on your inputs.

21. You'll notice that your LEC chart has been generated, as well as multiple risk insights
You can hover over the chart for a fine-grained review.

22. Click here to go back to the scenario
Click "first scenario" to select the scenario for which you want to view simulation results.

23. Let's create a new hypothesis
Click "New hypothesis" to create a what-if analysis for alternative risk treatments.

24. Click "Treatment"
Click "Treatment" to assign treatments to your new hypothesis.

25. Pick one of the controls you want to implement
Click "DEMO/Deploy EDR solution" to select the deployment of an Endpoint Detection and Response solution as a treatment.

26. Click "Simulation Parameters"
Click "Simulation Parameters" to adjust parameters for the hypothesis simulation.

27. Update the simulation parameters of this hypothesis
Base the new values on your estimate of the risk reduction achieved with this treatment plan.

28. Update the probability and/or the UB/LB
Enter "0.2" to set the updated probability or impact factor for the hypothesis.

29. Click "Save"
Click "Save" to store your hypothesis simulation parameters.

30. Click "Run simulation"
Click "Run simulation" to execute the what-if analysis and compare results.

31. Let's go back to the scenario to compare the two hypotheses
Click "first scenario" to return to the main scenario view.

32. What if the ROSI is not calculated?
Click your control to jump to its details.

33. Click "Edit"
Click "Edit" to modify treatment or scenario settings as needed.

34. Click "Cost"
Click "Cost" to enter the financial impact or cost associated with the treatment.

35. Describe the Build and Run cost structure
Click here to open the cost input field.

36. Click "Save"
Click "Save" to apply your cost settings.

37. The ROSI will get refreshed when you access the scenario again
Opening the details section of a residual hypothesis shows the ROSI calculation.

38. What if I want a summary of all my scenarios and a portfolio overview?
Click "Executive Summary" to view a high-level overview of your risk quantification results.

39. You can go "Back to Study" anytime to refine the scenarios and hypotheses
Click "Back to Study" to return to detailed study configuration.

40. What if I want to set a loss threshold?
Click "Edit" to make further changes to your study settings.

41. Click "Tolerance settings"
Click "Tolerance settings" to adjust risk tolerance thresholds for your analysis.

42. Click here
Click here to open tolerance input fields.

43. Click "Save"
Click "Save" to confirm your tolerance settings.

44. Tip: click "Retrigger All Simulations" to refresh all simulations and insights
Click "Retrigger All Simulations" to rerun simulations with updated parameters and settings.

45. Don't forget to use this to go to the parent object
Use it to go from a hypothesis to its parent scenario, or from a scenario to its parent study.

You have successfully completed a Cyber Risk Quantification study using the CISO Assistant. By defining scenarios, assigning assets and threats, configuring treatments, and running simulations, you can now analyze potential risks and their financial impacts. To verify success, review the Executive Summary and ensure simulations reflect your updated parameters. Next, consider exploring advanced hypothesis testing or adjusting tolerance settings to refine your risk management strategy.
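
What the simulation steps above compute can be reproduced offline. The following is an added example, not CISO Assistant's own code: it assumes a Monte Carlo model in which the event occurs in a given year with the entered probability and the loss is lognormal with the lower and upper bounds as its 5th and 95th percentiles. The lower bound, control cost and tolerance threshold are constructed values, and ROSI is taken as (risk reduction - cost) / cost.

```python
import math
import random
from statistics import NormalDist

Z90 = NormalDist().inv_cdf(0.95)  # z-score bounding a 90% interval

def lognormal_params(lb, ub):
    """Treat LB/UB as the 5th/95th percentiles of a lognormal loss (assumption)."""
    mu = (math.log(lb) + math.log(ub)) / 2
    sigma = (math.log(ub) - math.log(lb)) / (2 * Z90)
    return mu, sigma

def simulate(probability, lb, ub, trials=100_000, seed=1):
    """Return one simulated annual loss per trial (0 when the event does not occur)."""
    rng = random.Random(seed)
    mu, sigma = lognormal_params(lb, ub)
    return [rng.lognormvariate(mu, sigma) if rng.random() < probability else 0.0
            for _ in range(trials)]

def exceedance(losses, threshold):
    """One point of the LEC: share of simulated years with a loss above threshold."""
    return sum(loss > threshold for loss in losses) / len(losses)

def mean_loss(losses):
    return sum(losses) / len(losses)

def rosi(baseline_losses, residual_losses, annual_cost):
    """(risk reduction - cost) / cost, with risk measured as mean annual loss."""
    reduction = mean_loss(baseline_losses) - mean_loss(residual_losses)
    return (reduction - annual_cost) / annual_cost

LOWER_BOUND = 10_000   # constructed: the page does not state its lower bound
CONTROL_COST = 5_000   # constructed annualised build + run cost of the control
TOLERANCE = 50_000     # constructed loss threshold

baseline = simulate(0.40, LOWER_BOUND, 100_000)  # probability and UB from the baseline steps
residual = simulate(0.20, LOWER_BOUND, 100_000)  # probability from the new hypothesis

if __name__ == "__main__":
    for name, losses in (("baseline", baseline), ("with control", residual)):
        print(f"{name}: mean annual loss {mean_loss(losses):,.0f}, "
              f"P(loss > {TOLERANCE:,}) = {exceedance(losses, TOLERANCE):.3f}")
    print(f"ROSI = {rosi(baseline, residual, CONTROL_COST):.2f}")
```

Evaluating `exceedance` over a range of thresholds gives the points of a loss exceedance curve; comparing the value at the tolerance threshold for both hypotheses shows how much the treatment moves the curve.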