Nehemiah Security Releases Risk Quantifier 3.4
RQ Automates an Enterprise’s Financial Risk Model of Cyber Attacks
Nehemiah Security, the industry leader in automated cyber risk quantification, announces the general availability of Risk Quantifier version 3.4, a powerful SaaS solution to continuously measure and assess the magnitude of an organization’s financial losses associated with cyber risk designed to serve enterprise clients with multiple business lines.
Risk Quantifier (RQ) enables more actionable cyber risk governance that leads to optimized operations and technology, resource, and process investments. RQ enables customers who have adopted the Factor Analysis of Information Risk (FAIR) framework to rapidly deliver financial and business risks for enterprises by reducing what previously could take substantial effort in labor hours across months to a matter of hours or days. This is possible because RQ applies expert risk and financial data, obtained and curated from the broadest and most current market information, to a model of your IT controls. RQ next incorporates that data into cybersecurity frameworks like NIST and MITRE ATT&CK to measure the effects of controls, the projected impacts of threats, and the magnitude of financial impacts over time. Customers are then able to critique and refine the open model to better reflect their needs.
“RQ continues to evolve not only as our customers mature in risk understanding, but also as the universe of actual loss data, resulting from corporate data breaches around the world, expands,” said Jerry Caponera, Vice President of Product and Cyber Risk at Nehemiah Security. “Our enterprise clients have a continued need to manage cyber risk as a business risk, and our continued efforts to monitor privacy regulations across the globe, to gather intelligence about the most current threats and TTPs, and to codify the data and analysis into a platform that performs the heavy lift for their risk teams are delivering results.”
New features included in Risk Quantifier version 3.4 include:
- Empowering users to quickly assess the three most important questions regarding cyber risk: What is my financial exposure? How likely am I to be hit? Can my defenses adequately prevent an attack from succeeding?
- Visualization of systemic risk factors that are shared across lines of business or inherited from the corporate level to a particular line of business.
- Providing updated Board-level scenarios dashboard with guidance related to the three most significant “what if” factors:
- What if the magnitude of the total financial risk changes? (What are our predicted maximum losses?)
- What if the probability of cyber attack by type on our organization changes? (What are the chances of our company being the target of a particular attack?)
- What if the attack is successful given the current and forecasted state of IT controls?
With the introduction of version 3.4, Nehemiah RQ will be offered in two packages: single business unit loss & risk prediction and enterprise-wide loss & risk predictions.
“With accurate and relevant digital risk insight, a CISO can place tools, tactics, and teams against the right targets. It’s more important than threat intelligence and vulnerability management,” said Joel Fulton, former CISO at Splunk. “RQ delivers insights into your priorities, guided by real-world financial values associated with your data, your security infrastructure, and your threats, and enables you to make sound business decisions and communicate with your Board of Directors.”