Probity helps Corporate Executives and Public Officials quantify the enterprise/national impact of cyber risk.
CEO’s Cyber Risk Dilemma:
80% of cyber-crime may be managed by responsible IT hygiene.
But how do we cope with systemic risks and exploitable vulnerabilities - from nation states or organized crime - which present high-impact enterprise consequences:
- Affecting financial statements and SEC filings.
- Eroding shareholder, donor and public confidence.
- Inciting legal and regulatory action.
(How) can we quantify consequences to allocate resources commensurate with exposure?
Agency Director’s Cyber Risk Dilemma:
Mission critical systems have become complex cyber systems-of-systems, which give rise to new systemic risks and exploitable vulnerabilities.
The sophistication and frequency of APTs strain the financial, human and technical resources needed for prompt detection and response.
That changes everything.
(How) can we triage risk from financial, political and mission consequences, to focus limited resources on the most impactful incidents?
What We Do
Executive Risk Workshops and Risk Management Master Classes show business and government leaders how to quantify the financial, reputation(geo-political), legal and mission consequences of cyber risk.
- To enable Financial, Energy and Healthcare executives to contain risk management expenditures, and manage legal and reputation risk.
- To focus national security watch operation resources and facilitate the evolution of resilient system architectures to survive the most impactful outside or inside intrusions.
How We Do It
Gradient™ method combines system
engineering approaches of Failure Modes
Effects Analysis (FMEA) and Sentiment Analysis totrack incidents “from adversary to wiring closet to Boardroom/Situation RoomSM" - quantifying financial and stakeholder reactions affecting enterprise, shareholder and national security interests.
- Executive workshops & master classes show how to identify and measure enterprise-level cyber risks.
- Consequence analysis provides quarterly cyber-risk reports, disclosure options and triage protocols.