Broadgate’s ASSURITY: Calculate your security exposure
Posted on : 30-07-2015 | By : admin | In : Cyber Security, Innovation
Tags: assurity, Business Focused, compliance, CVaR, Cyber Crime, Cyber value at risk, Financial Services, Information Risk Assessment, Return on Investment, ROI, Security
1
Broadgate are pleased to announce the launch of our security assessment product, ASSURITY.
Over the years we’ve helped our clients address the increasing security challenges and protect their digital assets. Our experience during this time was that there is a need for a more business focused approach, so we developed our own assessment methodology, which we have now officially launched as a product.
So how can ASSURITY help?
Like it or not, dealing with the threat of data breaches is part of modern business. Not only that, it is a board level agenda item now with corporate executives being held accountable. Currently, European law makers are engaged in the lengthy process of approving the new European General Data Protection Regulation. There are still variations to be agreed upon, but when it comes to potential fines to be imposed for data breaches the upper end stands at €100 million or 5% of company revenue.
It also states that;
“if feasible” companies should report a data breach within 24 hours of detection….and “where a data breach has occurred, the organization has to notify all those affected unless it can prove that data is unreadable by anyone not authorized to access it”
Against this backdrop, it becomes even more important that executives really understand their current risk exposure and can quantify the impact and likelihood of an event.
The ASSURITY product addresses three key challenges facing us today;
1) Understanding your business critical assets
2) Calculating your risk exposure
3) Prioritising areas requiring focus and investment
The product is differentiated against other offerings through not only the comprehensive inputs and modelling, but also by providing quantitative analysis in the form of a Cyber Value at Risk.
ASSURITY is a three step process, as outlined below;
The ASSURITY product leads organisations through a 3 step process;
Step 01
We profile the organisation from many different data points. This is a critical part of the process as it allows for a more meaningful assessment of the actual risk. C’Level executives can use the product to inform their change programme and investment decisions. It is an iterative approach during which the relative weightings for each criteria are reviewed and discussed with the client to understand carefully the business risk appetite.
Step 02
The assessment is conducted by ingesting a number of different sources from documented artefacts, processes, data and technology into the Assurity product. From this we can assess the current maturity level, a quantified risk level, the potential impact to an organisation of a data breach or security event and also the likelihood of it occurring.
Step 03
The results of the assessment are presented in a form which clearly shows the focus areas for investment, change or where in the organisation is protected at the appropriate level. We map the results to the GCHQ 10 Steps for security and translate into language which allows C’Level executives to make informed decisions.
What are the benefits of ASSURITY?
1) Information security assurance – Demonstrating to your clients, suppliers, regulators, shareholders and insurers
2) Optimising security budgets – Avoiding unnecessary investments typically results in a 30% reduction in redundant operational security expenditure, support and maintenance
3) Qualified cyber value at risk – Financial value of corporate assets at risk is defined for input into broader business risk modelling
4) Improved compliance – Security health check defines current information security level
In the ASSURITY report, we focus on four main areas;
Cyber At Risk Score
The Cyber At Risk Score takes a number of internal and external feeds to create a value from which organisations can have a more informed discussion regarding the likelihood of a security breach. We use this across the product to help quantify the impacts against the profile of the organisation.
Gap Analysts against Target Maturity
During the profiling stage we determine the appropriate maturity benchmark for the organisation. This can be based on the internal risk appetite, industry average or other determining factors, and is used to identify shortfalls, strengths and focus attention and investments.
Maturity Assessment Heatmap
Here we plot the scores from 10 assessment areas against the Likelihood and Impact of an event. Importantly, we also assign a quantified value at risk which we have determined through the profiling exercise and the current maturity level. This allows C’Level executives to target and prioritise the investment areas.
Strategic Roadmap
The output from the ASSURITY product also forms the basis for the required change programme. We split the initiatives into Quick Wins which have the most immediate impact or target the most vulnerable areas. We also provide the long term remediation plan and ongoing continuous improvement projects to meet the required target baseline.
The ASSURITY product differentiates from other methodologies by being the most complete and accurate assessment that organisations can undertake to really understand their security risk exposure.
If you would like to find out more about the product and to arrange a demo, please contact jo.rose@broadgateconsultants.com or call +44(0)203 326 8000 to speak to one of our security consultants.