Calibrated Risk Index®
The CRI process begins with a series of calibrations to determine the scale and context of various risk inputs such as threats, impacts, and the assets (e.g., physical plant, monetary, cyber, intellectual property, etc.) that are important to your organization. We then gather data about vulnerabilities that can be exploited by each threat and currently in-place controls to mitigate those vulnerabilities. From there, we run a series of sophisticated calculations that provide a rating for each risk.
We are constantly improving CRI and the latest version uses a proven computational algorithm to determine the probability that a given risk will come to fruition. This answers the question, “how likely is it that this risk will occur?” and provides organizations with greater clarity to make informed risk decisions.
This provides a framework where organizations can conduct “what-if” analyses to objectively determine how changes in the control environment affect a given risk.
The result is that organizations can determine whether their current control investments are paying off and make informed decisions about whether or not to invest in control enhancements.
CRI achieves this through the use of Controls Catalogs based on various laws, regulations, and international standards. We have controls catalogs for: Assura’s security professionals are experts in compliance with laws, regulations and standards such as:
Other Controls Catalogs are being developed every day.
CRI can be used to measure risks in all parts of an organization’s ecosystem including:
- Business Strategy
- Financial Strategy
- Internal Financial Controls
- Products and Services
- Information Technology Strategy and Projects
- Information Protection and Cybersecurity
- Business Continuity and Continuity of Operations
- Occupational Safety and Health
- Political Environment
- Regulatory Environment