Meet Risk Intellect
Reciprocity® Risk Intellect is a new risk-analysis tool that, when used with the Reciprocity ZenGRC® platform, provides insight on the impact your compliance programs have on your cyber risk posture. By mapping your current compliance control assessments to cyber risks, it provides immediate context and visibility into which cyber risks and controls offer the greatest opportunity for reducing risk.
Michael Maggio, EVP of Product at Reciprocity, sat down to tell us a bit more about Risk Intellect.
Why did you create Risk Intellect?
I regularly see organizations struggling to mature their cyber and IT risk management practices beyond conducting risk assessments. Therefore, I was looking for ways we could leverage our current customers’ investment in an easy and powerful way to bridge into risk. Working with my Product Management team, we realized we could leverage industry taxonomies, such as the Secure Control Framework (SCF), to give us the foundation for that bridge. This relationship was the genesis of what has become Risk Intellect.
What is unique about it?
Risk Intellect directly derives an initial risk register from the specific implementation of a compliance framework. It demonstrates the value of compliance in the context of how that framework works to reduce the overall risk of the business operation that the framework is targeting.
How does it work with Reciprocity ZenGRC?
Risk Intellect uses the control information collected from a specific compliance framework that our customers have completed and uses the relationships established between controls and risks within the SCF to produce a weighted risk register aligned with the seven risk categories within the SCF.
We then leveraged our GRC experts within Reciprocity to give each risk object within the register an inherent risk score, and based on the level of implementation of the related controls, calculated a residual risk score.
Our experts also provided target risk scores to provide a starting point in benchmarking their residual risk. We then allow the user to manipulate various attributes about each risk, such as the likelihood or severity of the risk specific to them, to see the impact on the overall risk score.