Complete the basic business self-assessment to configure the risk scenarios and business details needed for an initial cyber risk quantification analysis.
The basic business self-assessment is a two-step process designed for a quick initial
setup. The first step collects essential information about your organization's profile,
finances, and workforce. The second step captures your risk scenario preferences and
the asset scope for the analysis. To provide more detailed information and improve
the confidence level of results, click Switch to advanced business self-assessment at any time.
Fields marked with an asterisk (*) are required. Completing recommended fields improves
the accuracy and confidence level of results.
The Business overview section of the basic business self-assessment collects basic information about your
organization:
| Field | Description |
| --- | --- |
| Industry * | The primary industry that best describes your organization. Used to find comparable peer organizations and apply industry-specific threat data to the analysis. |
| Size * | Your organization's total employee count range. |
| Country/region * | The primary country or region where your organization operates. Used for regional threat modeling and peer comparison. |
The Finance section of the basic business self-assessment collects information about your organization's
annual revenue:
| Field | Description |
| --- | --- |
| Total revenue last year * | Your organization's total monetary revenue from the most recent fiscal year. Used to calculate monetary risk as a percentage of annual revenue and as a basis for estimating financial losses. Find the total revenue figure in your latest annual report, audited financial statement, or internal profit and loss statement. |
The Workforce section of the basic business self-assessment collects information about the size
and cost of your incident response and support teams:
| Field | Description |
| --- | --- |
| How many people are on your incident response team? | The number of employees and contractors whose primary role involves detecting, containing, and remediating security incidents. Include everyone who would be mobilized during a major incident. Find the incident response team count in your SOC org chart, on-call schedule, or incident response playbook. |
| Average daily cost per incident response team member | The average total daily cost per incident response team member, including salary, benefits, and overhead. Estimate the daily cost by dividing the annual cost per team member by 260 working days. |
| How many people are on your support team? | The number of employees and contractors responsible for restoring IT services and supporting users during incidents, not including security investigators already counted in the incident response team. |
| Average daily cost per support team member | The average total daily cost per support team member, including salary, benefits, and overhead. Estimate the daily cost by dividing the annual cost per team member by 260 working days. |
When you have completed the required fields, click Save and continue to risk scenarios.
In the Risk scenarios step, select the risk scenarios to analyze and specify the asset scope for the analysis.
For descriptions of all available scenarios, see Cyber Risk Quantification risk scenarios. A risk scenario consists of:
- Attack technique: The threat vector or method used in the scenario, such as phishing or business email compromise (BEC).
- Attack outcome: The type of loss that occurs if the attack succeeds, such as data encryption or data exfiltration.
- Business resource: The type of data or asset targeted, such as personally identifiable information (PII) or sensitive data.
Recommended scenarios are pre-selected based on your organization's industry and region.
Use the filter tabs to browse scenarios by category or search by keyword to find a
specific scenario.
The Asset groups option specifies the scope of the Cyber Risk Quantification analysis:
- Whole organization: Analyzes risk across all assets in your organization.
- Selected asset groups: Analyzes risk for one or more of your specific asset groups defined in Asset Group Management.
When you have selected your scenarios and specified asset groups, click Analyze and quantify cyber risk, then click Continue to confirm and start the analysis.
Note: Analysis takes several minutes to complete. Results appear on the Cyber Risk Quantification
dashboard when the analysis is complete. You can refine the self-assessment and run
a new analysis at any time after initial results are available.
