cyber risk ecosystem from evolver
TRANSCRIPT
The Evolver Cyber Risk Ecosystem
THE MOVE TORISK MANAGEMENT
Quantify Business RiskFind Exposed DataReduce RiskTransfer RiskMonitor and Improve ControlsRequantify Risk
BASIC STEPSCYBER RISK ECOSYSTEM
The Quantification of RiskEvolver utilizes the
Factor Analysis of Information Risk Model (FAIR)
We partner with RiskLens as a SaaS quantification tool
The way most information security professionals measure risk today fails to quantify cyber-risk in terms the business can understand and use
EASIER SAID THAN DONE…
Governance, Risk & Compliance Tools
G R CVery Low
LowModerate
HighVery High
12345
= =
2
Qualitative Checklists & Excel1
©2016 by RiskLensPowered by
THE BREAKTHROUGH A UNIQUELY SCALABLE RISK MODEL
Accredited as an Industry Standard by
Supported by a Fast Growing Community
FAIR Book Inductedin Cybersecurity
Canon
Complementary toRisk Frameworks
©2016 by RiskLensPowered by
HOW IT WORKSTHE ONLY PURPOSE-BUILT VALUE-AT-RISK PLATFORM BUILT ON FAIR
©2016 by RiskLensPowered by
• Together we identify key business risk elements • Then apply the FAIR model to determine quantitative risk figures
• Results are financially based and are directly related to the specific business operations.
EVOLVER WORKS WITH CRO, CISO AND BUSINESS LEADERS
What data has been exposed?
Evolver utilizes several discovery methodsOne partner is Lemonfish for
open, deep and dark web discovery
Evolver determines if the company may have already been breached and does not know it.
In many cases the attack has thwarted the existing systems and company is not aware.
USING THE QUANTIFICATION EFFORT• Identify the highest value
assets of the company • Search for the data in the
open, deep and dark web• Report findings to the client • If detected, work with the client• resolve the breach area • begin incident response actions (if
required)
What Can I Do to Reduce
Risk?
OUR FINDINGS ARE OF MUCH GREATER VALUE TO THE CLIENT
We perform an assessment based on those areas that are most critical to the business
We conduct the assessment with the knowledge and understanding of where the critical business functions lie
$
ACTION ITEMSTO REDUCE OVERALL CLIENT RISK
Cyber Assessments
Policy Reviews
Penetration Testing
Vulnerability Analysis
A full suite of cybersecurity
audit and
assessment services
OPERATIONAL SERVICESTO SUPPORT THE IMPLEMENTATION OF RISK REDUCTION PROGRAMS
SOC Operations
Monitoring Tools
Technology Refresh
Threat Management
A full suite of
cybersecurity 24/7
operational services
As part of an overall cyber program, we: • Show where risks lie• Provide quantifiable
numbers to show where risks can be reduced• Show where insurance can
best be applied
WE SUPPORT STRATEGIES FOR BUYING CYBER INSURANCE
Integration of quantified risk findings
with continuous monitoring and control implementation.
Partner with GRC tools including CyberOne and RSA
Cloud based Security-as-a-Service
• Enterprise Asset Protection• Vendor & Risk Management• Control Monitoring• Business Continuity and Disaster
Recovery Management
Automated Compliance ChecksRisk Reporting & Analytics
RISK BASED SECURITY SOLUTIONS 1Identify
2Analyze
3Implement
4Monitor
5Compliance Report
6Audit
©2016 CyberOne
INTEGRATED SECURITY BENEFITS
Policy & Compliance Managemen
t
Information & Asset
Governance
Incident Response
Management
Vendor Managemen
t
Risk Managemen
t
Vulnerability
Management
Cyber Insurance
Management
Security-as-a-Service
Open Integrations
Dashboards & Reports
Best Practices
Process AutomationAutomated Continuous Monitoring
Relationship & Risk Management
Security Analytics
INTEGRATED FRAMEWORK BENEFITS
©2016 CyberOne
Requantify Risk
•The final step is to repeat the cycle
as part of the ongoing operations of the company
•C-Suite and the Board have visibility into • overall improvements • impact of the changing threats on the company
NEVER RESTON THE IDEA THAT CYBER RISK HAS BEEN TOTALLY ELIMINATED
Quantify Risk
Find Exposed Data
Reduce RiskTransfer Risk
Monitor & Improve Controls
Requantify Risk
Evolver, Inc.1943 Isaac Newton Square East
Suite 260Reston, VA 20190
[email protected]/Cyber
SINCE 2000, EVOLVER HAS SERVED THE FEDERAL, COMMERCIAL, AND LEGAL INDUSTRIES.
Service offerings include cybersecurity, cloud solutions, application development, infrastructure design and management, mobility solutions, end user support, data analytics, end-to-end eDiscovery and other managed technology services.