displayName
Cyber Risk Quantification
workflowKind
governance
triggerType
scheduled
typicalCadence
quarterly
complexity
cross-team
description
Quantifies cybersecurity risk in financial terms -- applying FAIR
(Factor Analysis of Information Risk) methodology to model loss event
frequency and magnitude scenarios, aggregating threat intelligence feeds
to calibrate threat event frequency estimates, incorporating
vulnerability scan results and penetration test findings into loss
scenario inputs, running Monte Carlo simulations to generate annualized
loss expectancy distributions, and presenting risk-adjusted ROI analyses
for proposed security investments to executive stakeholders. Produces
cyber risk quantification reports, loss exceedance curves, and security
investment prioritization matrices. Excludes security control
implementation.