GRID Active Risk Assessment Quantitative Scoring Model

Monday, April 3rd, 2023


Cyber security risk management solutions from DefenseStorm.

DefenseStorm offers a proactive approach to risk assessment so financial institutions can stop cyberthreats before they become destructive cyberattacks, allowing them to better protect their account holder and communities.

Financial institutions often treat risk assessments as an overwhelming and tedious requirement that can be completed once annually and set aside until the next year. When FIs approach the risk assessment as a one and done, check-the-box task, they expose themselves to increased cyber risk and miss an opportunity to gain real insights about their vulnerabilities and/or gaps in security. It’s imperative for FIs to understand that risk assessment is a valuable exercise that provides real-time data to build an effective cyber risk management solution.

DefenseStorm offers a proactive approach to cyber security risk management so financial institutions can stop cyberthreats before they become destructive cyberattacks, allowing them to better protect their account holder and communities.

Our built for banking solution integrates the four required components of an effective cyber risk management approach: risk assessment, governance, security, and fraud. All designed to account for the impact of operational changes at your institution, including new employees, technologies, and branches. And backed up by a highly trained security operations team.

GRID Active Risk Assessment gives our customers real-time understanding of their cyber risk profile and has recently released a Quantitative Risk Scoring Model. This model provides an aggregated risk score for each risk assessment based on the population of risks within that assessment.

The Details:

By using GRID Active Risk Assessment to manage cyber security risk assessment, DefenseStorm customers are able to leverage a pre-built library to build out their risk register. The library risks are pre-linked to controls in the control library to allow for easy set up. The control library is pre-mapped to the DefenseStorm comprehensive library of frameworks in the Governance Program, including the FFIEC CAT, NIST, CIS Controls, and many more. Evidence is systematically collected through the GRID Active integrated data platform to support a ‘strength of controls’ score on a risk.

The quantitative scoring model enhancement with our cyber security risk assessment product will suggest aggregate scores by considering the scores of the individual risks populating the assessment. The system provides a recommended score as shown in Image A. Users also can override the recommendation and set their own aggregate scores, enabling institutions the control they need to maintain proper governance over their tools and their program.

Image A – Recommended Risk Score

GRID Active Risk Assessment Quantitative Scoring Model

If a user chooses to set their own aggregate score, the system will maintain the system generated risk score recommendation for future reference (See Image B).

Image B – Aggregate Risk

Risk Assessment - DefenseStorm

The quantitative scoring model is based on a proprietary algorithm. Because of our focus on providing solutions for financial institutions, we understand the importance of model risk management and work with our customers to provide an explanation of its output for the leadership team.

If you would like to learn more about our built for banking approach to cyber security risk assessments, schedule a call with DefenseStorm today.

Jessica Caballero

Jessica Caballero

Senior Product Manager - Compliance

Jessica Caballero, Senior Product Manager Compliance and Risk, CERP, CRCM. Jessica was an examiner for the Office of the Comptroller of the Currency (OCC). After leaving the agency, and also worked as both a banker and a consultant focused mainly on compliance and risk management. Since 2015, Jessica has applied her subject matter expertise to the creation of technology solutions that solve critical problems for financial institutions. At DefenseStorm, she leads product decisions specific to compliance and risk as a Senior Product Manager. Jessica earned her bachelor’s degree in business economics from Texas State University and achieved the Certified Enterprise Risk Professional (CERP) and Certified Regulatory Compliance Manager (CRCM) designations from the American Banker Association (ABA).