New algorithms solve the cyber risk equation by automatically determining the risk value of computer systems, enabling precise cyber risk assessment and action
Salt Lake City, Utah (October 15, 2018) – RiskRecon, the world’s leading platform provider for easily understanding and acting on third-party cyber risk, announced its ground-breaking asset valuation algorithms that automatically determine the inherent risk value of any Internet-facing system. Automatically determining asset value is critical to managing cyber risk because it enables organizations to easily create action plans focused on addressing risk.
“Risk professionals spend too much time analyzing mountains of issues to determine the risk relevance,” explained Kelly White, Co-Founder and CEO of RiskRecon. “RiskRecon automatically contextualizes every issue with issue severity and asset value that enables professionals to easily identify risk priorities and needed action.”
RiskRecon visually summarizes issue risk priority within a “Risk Prioritization Matrix,” showing each issue within the context of issue severity and asset risk value. Summarizing the risk priority of 3,000,000 issues existing in commercial Internet-facing systems reveals that only 0.12% are critical severity issues in high-value assets. “The vast majority of risk resides in less than 6% of total issues,” explained White. “RiskRecon enables you to easily identify the issues of risk that matter and, just as importantly, identify the issues that don’t.”
Jack Jones, Chairman of the FAIR Institute and Co-founder of RiskLens, noted that: “Far too much energy in information security is wasted on resolving issues that don’t matter. As the FAIR model promotes, effective risk management requires understanding the probable frequency and magnitude of loss; that depends on understanding asset value. I am really pleased to see RiskRecon bring the ability to automatically determine asset value to market.”
RiskRecon’s asset valuation algorithms automatically assign a value to cyber assets such as systems, domains, and networks. The algorithms also tag each asset with value indicators, including the system’s functionality and the data types it collects; these indicators enable risk professionals to immediately understand any asset’s value.
Deployed to third-party risk management, RiskRecon’s automated risk assessments provide the most precise visibility into vendor cyber risk performance, enabling dramatically better third-party risk outcomes with much greater efficiency.
RiskRecon customers use this capability to better solve third-party cyber risk, enabling them to identify and act on the vendors and issues that expose them to the greatest risk. Organizations also leverage RiskRecon to better understand their own risk surface and exposures.
About RiskRecon RiskRecon is the only continuous vendor monitoring solution that delivers risk-prioritized action plans custom-tuned to match your risk priorities, providing the world’s easiest path to understanding and acting on third-party cyber risk. Partner with RiskRecon to build your scalable, third-party risk management program to realize dramatically better risk outcomes. To learn more about RiskRecon’s approach, request a demo or visit the website at www.riskrecon.com.