The Control Policy Group

Data security the way you run your business

Methodology

Executives need to know how much it will cost and how it helps them run the business. Business Threat Modeling (TM) is a practical way for executives to assess their operational risk in euros and dollars. The advantages of the methodology are:

  • Place the focus on asset management and Value at Risk reduction before acquisition of information and security technologies.
  • Prioritize prevention with the right countermeasures.
  • Quantify risk in dollar terms.
  • Justify investments in security, compliance and risk management to the management board.

The problem with most GRC (governance, risk and compliance) and ERM (enterprise risk management) systems today is that they don’t calculate risk, they make you work hard and they’re not that easy to use. Our methodology and software calculate risk in the language of business – dollars. This is how it works:

You own assets – for example, expensive diamond jewelry stored at home. These assets have a dollar value.

Your asset has vulnerabilities – since you live on the ground floor and your friendly German Shepherd knows where the bedroom is and will happily show anyone around the house.

The key threat to the asset is that an attacker may break in through the ground floor windows.

The countermeasures are bars for the windows, an alarm system and training your dog to be a bit less friendly around strangers with ski-masks.

Using countermeasure costs, asset value, threat probability of occurrence and damage levels, we calculate Value at Risk in financial terms, and propose a prioritized, cost-effective risk mitigation plan.
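
The jewelry scenario above, worked through as an added example; it is not the vendor's software or formula. It assumes that Value at Risk is asset value × probability × damage fraction, that each countermeasure removes an assumed fraction of the remaining risk, and that costs and losses cover the same planning period. All figures and names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost: float           # dollars over the planning period
    effectiveness: float  # assumed fraction of remaining risk removed (0..1)

def value_at_risk(asset_value, probability, damage):
    # Assumed model: expected loss = value x probability x damage fraction.
    return asset_value * probability * damage

def mitigation_plan(var, countermeasures, budget):
    """Greedily pick the countermeasure with the best risk reduction per
    dollar, as long as it fits the budget and saves more than it costs."""
    residual, remaining, plan = var, list(countermeasures), []
    while remaining:
        affordable = [c for c in remaining
                      if c.cost <= budget and residual * c.effectiveness > c.cost]
        if not affordable:
            break
        best = max(affordable, key=lambda c: residual * c.effectiveness / c.cost)
        plan.append(best.name)
        residual *= 1 - best.effectiveness  # later controls act on what is left
        budget -= best.cost
        remaining.remove(best)
    return plan, residual

# Constructed figures for the jewelry example; none come from the page.
JEWELRY_VAR = value_at_risk(asset_value=40_000, probability=0.25, damage=0.5)
COUNTERMEASURES = [
    Countermeasure("window bars", 1_200, 0.5),
    Countermeasure("alarm system", 800, 0.25),
    Countermeasure("dog training", 200, 0.125),
]

if __name__ == "__main__":
    plan, residual = mitigation_plan(JEWELRY_VAR, COUNTERMEASURES, budget=5_000)
    print(f"Value at Risk: ${JEWELRY_VAR:,.0f}")
    print(f"Plan: {plan}, residual risk: ${residual:,.2f}")
```

With these figures the alarm system would pay for itself on its own, but once the dog training and window bars are in place the remaining risk it could remove is worth less than its cost, so the plan leaves it out.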
