Power What’s Next in IT & Cyber Risk with MetricStream Intelligence and InnovationsIT GRC/Cybersecurity | 3 Min Read |11 November 21|by Joy Bhowmick
We recently concluded our flagship event, GRC Summit, held on October 19-20 in a hybrid format comprising of virtual and in-person engagements.
Now in its ninth year, the summit is the largest gathering of risk professionals, C-suite executives, thought leaders, industry experts, and practitioners, who come together and share their experiences and best practices to navigate today’s complex and rapidly evolving risk and threat landscape.
This year, Anil Kumar, Sr. Director, Product Manager – IT and Cyber Security, MetricStream, and I got an opportunity to give a walkthrough on the latest innovations that are being done and planned in our IT & Cyber Risk products. Here are some of the key points that we discussed:
- Current IT and Cyber Security Challenges
The key challenges faced by organizations in the area of IT & cyber today include growing supply chain attacks and data breaches, the proliferation of controls and associated costs, lack of visibility into IT & cyber risk, regulatory compliance, the need to quantify and communicate cyber risk in financial terms, and more. We recommend organizations to implement an integrated and platform-based approach across all programs for facilitating consistency and harmonization among different processes and functions.
- Cyber Risk Quantification
We have been pioneering efforts on cyber risk quantification for a long time. Cyber risk quantification, as the name suggests, is quantifying or expressing cyber risks in financial or monetary terms. This quantitative risk assessment method essentially transforms uncertainty associated with technical aspects of threat, vulnerability, and controls into financial language that business leaders and stakeholders can interpret and act upon. Speaking of the benefits, cyber risk quantification enables
- CISOs to communicate cyber risk exposure to the board and other executives
- To prioritize cyber investments and decision-making (whether to accept or mitigate the risk)
- To meet regulatory requirements associated with disclosing cyber risk factors in financial terms
The session further delves deeper into techniques of quantifying risk – discrete and probabilistic factor values, Risk Quantification Models – factors-based hierarchical models, actuarial/insurance models, AI/ML-based models, and more.
- MetricStream Intelligence
Our products are infused with what we call MetricStream Intelligence – a combination of our AI/ML engine and calculation engine. It sits on top of our federated data model.
If you break down cyber risk management, it is basically about managing your assets, threats, vulnerabilities, issues, and control database. This forms the very first layer of our federated data model. We’ve built a platform on top of this layer that enables simplified ways of capturing the data as well as direct exchange via APIs in real time. Then we have a whole gamut of reporting and workflow around it.
On top of these layers, we have built our machine learning model, which allows you to create simulation techniques and empowers you to do statistical analysis along with machine learning techniques.
In short, the way we approach this is by enabling organizations to not just manage the workflow of risk assessment, but also to do the computation of the risk and take action driven by facts and data.
- AI-Powered Action Plan Recommendations
Our customers have often highlighted a major challenge they face – classifying and creating relevant content for an issue. Our Issue Management System is now capable of assisting the users to tag related issues and create relevant content for an issue. This capability of our AI/ML Model is further enhanced to provide recommendations about the relevant actions that must be implemented in order to mitigate an issue.
- Future Innovations
Going forward, we plan to bring more AI/ML-based use cases to our customers, including in the area of response recommendation, control rationalization, and more. Stay tuned!