Insurance Risk Control


CyCalc Suite

Quantar CyCalc Suite is composes of 3 modules; Network Operational Risk Manager (n-ORM); Predictive Analytics Engine (PAE), and Internet Protocol Threat Assessment System (IPTAP)

Platform

Quantar’s application Suite is composed of three modules that operate to capture threat data, analyze and value the risks of your company being connected to the internet.

The IPTAP data acquisition systems acquires, aggregates and identifies those cyber and privacy threats posed to your business, taking actual cyber threat data and utilizes industry-standard methods of prioritizing and calculating targeted assets owned by your enterprise.

Our patented system technology acts covertly and does not penetrate your confidential and proprietary data.

Taking actual company-specific cyber threat data ensures accuracy and appropriateness when analyzing and predicting current and future trends. Quantar’s applications comprise two multi-model analytic modules for threat data analysis.

The first of these solutions, Network Operational Risk Manager (n-ORM),identifies which business processes would be affected by a successful attack and calculates the financial losses that would result.

The cost-benefit assessment function enables financial evaluation of implementing various cyber risk mitigation options.

The second module of the analytics suite, Predictive Analytics Engine (PAE), allows users to use different statistical analysis methods for the same sets of cyber threat data.

This enables your business to set your enterprises risk appetite or regulatory compliance thresholds and actively monitor actual and ongoing cyber/privacy threat exposure levels. Each module has a print to store functionality for all cyber and privacy risk data plus financial exposure over any period selected.

Quantar’s application reporting provides easy to understand cyber risk exposure report, together with any risk reduction actions over a user-defined period.

The applications suite enables your enterprise to optimize all cyber and business continuity programs.

Built-in RAG (Red; Amber; Green) warning systems enable a simple visual check of the current cyber risk exposure level and whether this is still within the defined limits prescribed by senior management or by the regulatory environment.

With CyCalc Suite, we can assist your business to:

  • implement a self-documenting operational risk valuation infrastructure integrating actual organization-specific threat data & user defined data into a single repository for cyber risk management & for regulatory compliance
  • adopt consistent cyber threat operational values-at-risk methodology throughout your organization
  • create group-wide overviews of your business process and technology interdependency cyber threat operational risks; provide the requisite levels of transparency and traceability for regulatory authorities and to simplify calculation explanations to satisfy auditors
  • enhance capital allocation efficiencies through modeling “what-if” scenarios for cyber threat risk mitigation options, maximizing your enterprises business efficiencies
  • reduce the costs of regulatory compliance through eliminating expensive duplications of cyber threat risk management & compliance functions into a single, integrated solution.

 

 


 

 

Network Operational Risk Manager (n-ORM)

 

Quantar’s Network Operational Risk Manager (n-ORM) combines four distinct functionalities into a consolidated tool to enable all businesses to measure and generate a cyber financial value at risk for the interconnectivity between corporate networks and the internet.

  • Use n-ORM to calculate your organization’s financial cyber threat exposure in an easy to understand and simple to use manner.
  • Understand which business processes are the most vulnerable and have the highest loss impact upon your organization.
  • View the historical trend of cyber threat risk exposure simply using the graphical output or tables to ensure tomorrow’s threats are accounted for.
  • Utilize the risk mitigation calculation engine to calculate the ROI for each risk mitigation action available to you and optimize capital expenditure allocation.
  • Combine the output from n-ORM with Predictive Analytics Engine in determining the level of risk you wish to reduce through insurance or alternative risk transfer.
  • Create pro-active strategies for managing cyber threat value-at-risk into future time periods.
  • Account for cyber and non-cyber impacts upon business processes from occurrences such as power outages, fire, floods, and insider attacks.

n-ORM delivers traffic capture, packet analysis, process mapping, and an algorithmic engine into a single, easy to use product, for the benefit of senior management, I.T. security teams, risk management and/or business continuity teams, plus audit and compliance units.

Configuration is divided into automated determinants, as well as manual inputs from the user, to derive a cyber threat financial value-at-risk. The ability of the application to import previous scenarios, multiple business process maps and handle multiple languages results in a quick and efficient method of ensuring an organization’s risk exposure is aligned with the stated levels of risk appetite set by senior management and can also be utilized for ensuring compliance with current and emerging regulations.

From n-ORM V4.3 onwards has had a multi-language capability option, including Cyrillic character sets such as Arabic and can therefore be utilized in multi-locations where there are differences in local languages.

n-ORM also benefits from the “what-if” functionality for capital budgeting and cost-benefit analysis of independent risk management mitigation actions. This component of the application delivers an easy to understand, visual representation of how a cyber threat value-at-risk exposure may be reduced by single or consecutive mitigation actions until the desired cyber threat value at risk for your organization is achieved.


 

 

Predictive Analytics Engine (PAE)

 

Network operational risks are those associated with virus attacks, targeted attacks (hacking) and physical attacks (damaging or immobilizing technology infrastructure).

Quantar’s Predictive Analytics Engine (PAE) uses quantitative modeling techniques, enabling a quantification of risk metrics for such attacks. These are then utilized in the calculation of the cyber threat Value at Risk, risk-capital measures and also the associated cost of mitigation insurance.

For the first time, your organization has the financial loss exposure caused by cyber threats actually experienced available to risk manage such potential financial losses. Predictive analytics of your network attack data creates forward looking financial values at risk, facilitating pro-active cyber risk management strategies and pre-emptive actions to be formulated.

Having current and future predictive values provides the means to evaluate capital allocation efficiencies for cyber threat management. Having a current I.T. security capability today does not mean it will remain static against future cyber threats. PAE gives you the power to forecast security requirements into future periods.

PAE analytics provide greater stochastic modeling capabilities than those within n-ORM and are able to compute a wider range of analytical measures aimed at meeting new and emerging requirements for stress testing of risk models.

The system comprises a primary three-phase approach to modeling, with these being a time-series component, a risk calculation component and a post processing layer. Within phase one, there are a number of optional features that may be enabled or disabled by the end-user, these being:

  • Utilizing a linear or an exponential process model
  • A normal or weighted data model whereby the most recent data has a higher degree of importance in the forecast and simulation
  • A standard least squares or a robust model to take account of the particularities of cyber attack data.

Within the second phase, a Monte Carlo simulation model is utilized which takes a range of input and configuration data and computes risk distributions.

The calculation engine generates probability distribution functions, enabling various statistics to be drawn and utilized within the system in deriving the financial quantification of the cyber threats experienced by your organization as those for future periods.


 

 

Internet Protocol Threat Assessment Program

 

Quantar’s Internet Protocol Threat Assessment Program (IPTAP) acquires threat and risk data specific to your enterprise, utilizing our patented methodologies, to ensure accuracy and appropriateness of data for effective cyber threat risk management.

Internet Protocol Threat Assessment Program captures inbound network traffic and detects and stores attack information.  Placement of the system is external to your organization’s network security perimeter within the DMZ.

With this location, it is important that the system is not compromised; the system is not directly addressable. Quantar patented a methodology in 2002 that enables the system to be managed remotely, without being placed in the position of being attacked.

Other vendors utilize cloud-based application hosting, leaving potential for compromise in a number of ways. Indeed cloud threats are one of the drivers for the need to accurately value cyber threats. For this reason, out back-end systems are NOT connected to your organization’s network directly and constantly.

IPTAP generates temporal profiles of attacks and these are exported in xml file format via fileswap or web for use by n-ORM; PAE or third party applications for inputs of your organization’s actual threat events exposure. Quantar’s applications and methodologies utilize your organization’s proprietary data in deriving your cyber value at risk, combined with other external data.

The IPTAP system does not capture and store the content within packet data, since this can create regulatory compliance and privacy issues – particularly for organizations operating or servicing the E.U. market.

The output data of IPTAP can also be used for fine-tuning perimeter defenses and as historic OpRisk data for audit and compliance.