II.
Workflow overview
Reference · liveworkflow:cyber-risk-quantification
Cyber Risk Quantification overview
Quantifies cybersecurity risk in financial terms -- applying FAIR (Factor Analysis of Information Risk) methodology to model loss event frequency and magnitude scenarios, aggregating threat intelligence feeds to calibrate threat event frequency estimates, incorporating vulnerability scan results and penetration test findings into loss scenario inputs, running Monte Carlo simulations to generate annualized loss expectancy distributions, and presenting risk-adjusted ROI analyses for proposed security investments to executive stakeholders. Produces cyber risk quantification reports, loss exceedance curves, and security investment prioritization matrices. Excludes security control implementation.
Attributes
displayName
Cyber Risk Quantification
workflowKind
governance
triggerType
scheduled
typicalCadence
quarterly
complexity
cross-team
description
Quantifies cybersecurity risk in financial terms -- applying FAIR
(Factor Analysis of Information Risk) methodology to model loss event
frequency and magnitude scenarios, aggregating threat intelligence feeds
to calibrate threat event frequency estimates, incorporating
vulnerability scan results and penetration test findings into loss
scenario inputs, running Monte Carlo simulations to generate annualized
loss expectancy distributions, and presenting risk-adjusted ROI analyses
for proposed security investments to executive stakeholders. Produces
cyber risk quantification reports, loss exceedance curves, and security
investment prioritization matrices. Excludes security control
implementation.
Outgoing edges
applies_to_domain2
- domain:cybersecurity-grc·DomainCybersecurity GRC
- domain:security·DomainSecurity
involves_role3
- role:security-reviewer·RoleSecurity Reviewer
- role:data-scientist·RoleData Scientist
- role:engineering-manager·RoleEngineering Manager
performed_by_org_unit2
- org-unit:security-team·OrgUnitSecurity Team
- org-unit:risk-management-team·OrgUnitRisk Management Team
requires_skill_area2
- skill-area:python-data-pipelines·SkillAreaPython Data Pipelines
- skill-area:incident-response·SkillAreaIncident Response
triggers_responsibility2
- responsibility:threat-modeling·ResponsibilityThreat modeling
- responsibility:cost-optimization·Responsibility
Incoming edges
None.