At an enterprise-wide level, business leaders have to decide which risks to remediate. This decision generally comes down to risk tolerance and budget. Since budget is finite, business leaders need a way to compare all risks. This comparison provides a means to prioritize the most critical risks. The key risk register (KRR) is an enterprise-wide, top-level report that organizes the cluster of all KRIs into one view for comparison purposes.
Traditional cyber risk methods seldom integrate well with other business risks. From heatmaps to compliance checklists, these methods fail to articulate cyber risk in financial detail. Hence, the results have limited use and cannot easily be incorporated into enterprise-wide reporting.
As an example, a risk heatmap would indicate that a certain risk is red. Red indicates high risk. But what does this actually mean? Does it mean that the forecast of cyber risk is greater than all other business risks? Without this context, business leaders cannot compare cyber risk with all other business risks and set enterprise-wide strategy.
John Frazzini is CEO of Secure Systems Innovation Corporation and brings a background of cybercrime investigations, cyber threat intelligence, artificial intelligence-based security applications, and cyber-attack simulation technology in his experience as a cyber-risk innovator. Prior to SSIC, he served with the U.S. Service Electronic Crimes Task Force and as an investigator for the U.S. Senate Committee on Homeland Security and Governmental Affairs: Permanent Subcommittee on Investigations. He is also a senior fellow alumnus of the GW Center for Cyber and Homeland Security at the George Washington University in Washington, D.C.
Robert Vescio is recognized globally as the leading innovator and visionary of Categorial Outcome Analysis, an emerging leading approach for cyber risk decisioning. He is the Chief Analytics Officer for Secure Systems Innovation Corporation (SSIC) and is the inventor and patent holder for several patents for X-Analytics, SSIC’s state-of-the-art cyber risk decisioning application. In his role, Robert continues to drive innovation in cyber risk decisioning solutions to enable organizations to make better cyber risk decisions using the power of data science and analytics.