Uncover the biggest vulnerabilities across your entire portfolio with Portfolio Risk Findings. By selecting a Framework (including Custom) or Threat Profile relevant to your operations, gain insight into your poorest performing vendors and their specific gapped controls while learning the most common controls unmet in your entire portfolio and all associated vendors per each control.
Getting a big-picture view so you have the context necessary of what is happening in your portfolio is vital for a proactive Cyber Risk Management program. Here are a few use cases that can be applied to your current program to bring you to the next level:
Use Case #1 - You don’t know which vendors are problematic nor understand the size of the problem.
To understand what’s hidden in your portfolio, you must first gain the “context” of the problem. Whether you depend on a few hundred, or a few thousand, third-party vendors to get the job done, knowing where the gaps in your security are is a vital part of keeping your organization protected and healthy.
Understanding the potential risk hidden in your portfolio, a company can start by using a relevant Framework related to their industry, or even a Custom Framework, to see which of your vendors have the most ungapped controls, which leave the door open for vulnerabilities, through the “Priority Third Parties” view. With this data, you can analyze the vendors you depend on the most and determine if you want to lower the amount of data they access depending on the ungapped controls reported back to you. Additionally, you can scroll down to “Risk Registry Priorities” to see which unmet controls and how many vendors do not meet your standards. This allows you to determine the importance of this control and develop internal mitigation strategies so if the vulnerability were to be exploited one day, you have a plan in place.
Portfolio Risk Findings can dig into your entire portfolio and analyze all of your vendors based on a topic most important to you (Framework or Threat Profile) so you can begin to understand the context of the problem you have on your hands and walk away with a tangible controls report to begin internal mitigation strategies or an external solution with the vendors in question.
Use Case #2 - I cannot afford to be reactive. I need a proactive Cyber Risk Management program.
Portfolio Risk Findings provides a cost-effective opportunity to convert your reactive risk program into a fully-fledged, proactive Cyber Risk Management built on the key pillars of Cyber Risk Intelligence: Trusted Data, Industry Standard Risk Models, Industry Respected External Sources, and Predictive Data.
Portfolio Risk Findings uses all of this data to develop a Framework Score to help you determine the level of inherent risk a vendor poses to your organization. Instead of sifting through assessment after assessment or waiting for a breach to occur, you can select a Framework or Threat Profile that makes sense for your organization and see which vendors fall short and the responsible controls. With this knowledge, a Customer can proactively approach a vendor and develop a mitigation strategy together to get ahead of any potential bumps in the future.
Similarly, the “Risk Registry Priorities” lists the most common unmet controls across your portfolio based on the Framework or Threat Profile selected. A Customer can use this information to reevaluate the level of data access some vendors have or become more critical in selecting which vendors to work with.
Use Case #3 - I need to replace or bring on a new vendor and make a confident decision.
A turning point for any Cyber Risk Management program is the ability to make confident decisions quickly. Though you can use Portfolio Risk Findings to uncover hidden vulnerabilities across vendors and specific controls that could plague your organization, you can also use the feature to make confident decisions as your business continues to move forward.
Vendors come and go, but ensuring the least risky vendor is chosen to handle your data is critical. To vet vendors, a Customer can add custom tags to the vendors they want to analyze. Once in Portfolio Risk Findings, they can select a Framework or Threat Profile relevant to how the vendor will be utilized and, through the filters, select the custom tag associated with the vendors.
In the results, a Framework Score would rank the riskiest to least risky vendors. For example, if two of the vendors both had a Framework Score of lower than 30, while the other two had a score higher than 70, then it’s reasonable to dismiss the two vendors with a low Framework Score as they pose a higher risk and only focus on the vendors with a high Framework Score.
Portfolio Risk Findings offers Customers reliable Cyber Risk Intelligence to be used to make confident security and business decisions so they can be secure as they scale.
Please sign in to leave a comment.