DEFENSESTORM BLOG
Monday, April 3rd, 2023
DefenseStorm offers a proactive approach to risk assessment so financial institutions can stop cyberthreats before they become destructive cyberattacks, allowing them to better protect their account holders and communities.
Financial institutions often treat risk assessments as an overwhelming and tedious requirement that can be completed once annually and set aside until the next year. When FIs approach the risk assessment as a one-and-done, check-the-box task, they expose themselves to increased cyber risk and miss an opportunity to gain real insights about their vulnerabilities and gaps in security. It’s imperative for FIs to understand that risk assessment is a valuable exercise that provides real-time data to build an effective cyber risk management solution.
DefenseStorm offers a proactive approach to cyber security risk management so financial institutions can stop cyberthreats before they become destructive cyberattacks, allowing them to better protect their account holders and communities.
Our built-for-banking solution integrates the four required components of an effective cyber risk management approach: risk assessment, governance, security, and fraud. All are designed to account for the impact of operational changes at your institution, including new employees, technologies, and branches, and all are backed by a highly trained security operations team.
GRID Active Risk Assessment gives our customers a real-time understanding of their cyber risk profile and now includes a recently released Quantitative Risk Scoring Model. This model provides an aggregated risk score for each risk assessment based on the population of risks within that assessment.
The Details:
By using GRID Active Risk Assessment to manage cyber security risk assessment, DefenseStorm customers are able to leverage a pre-built library to build out their risk register. The library risks are pre-linked to controls in the control library to allow for easy setup. The control library is pre-mapped to the DefenseStorm comprehensive library of frameworks in the Governance Program, including the FFIEC CAT, NIST, CIS Controls, and many more. Evidence is systematically collected through the GRID Active integrated data platform to support a ‘strength of controls’ score on a risk.
The quantitative scoring model enhancement to our cyber security risk assessment product suggests aggregate scores by considering the scores of the individual risks populating the assessment. The system provides a recommended score, as shown in Image A. Users can also override the recommendation and set their own aggregate scores, giving institutions the control they need to maintain proper governance over their tools and their program.
Image A – Recommended Risk Score
If a user chooses to set their own aggregate score, the system will maintain the system-generated risk score recommendation for future reference (see Image B).
Image B – Aggregate Risk
The quantitative scoring model is based on a proprietary algorithm. Because of our focus on providing solutions for financial institutions, we understand the importance of model risk management and work with our customers to provide an explanation of its output for the leadership team.
If you would like to learn more about our built-for-banking approach to cyber security risk assessments, schedule a call with DefenseStorm today.