ThreatConnect Risk Quantifier App for ServiceNow Risk Management Product

Hello, and welcome. In this video, I will illustrate the value of the new ThreatConnect RQ app within the ServiceNow GRC and how easy it is to get immediate value from the integration as part of your risk management program. The RQ app integration can be accessed within the risk workspace of your ServiceNow GRC.

To begin, let’s look at how to utilize the RQ app when creating a new risk by navigating to the “Create” dropdown and selecting “Risk.” From here, we can complete the required fields as identified by the assets. So, we’re going to fill out the name, we’re going to select the entity for the risk, and we’re going to sync with the entity owner so the owner is automatically populated under the ownership section. We can also inherit the risk from a risk statement if we choose, or we can identify the risk statement here on the dropdown.

We can further scroll down to get to the RQ configuration, where we can model what is at risk. Now, we’re looking at data types for a data breach, as well as revenue that’s at risk, which would be associated with a DoS and a ransomware event. So, we’re going to model a large enterprise here. Once we save, we’re going to add some additional information and run the RQ analysis. These risk results will be populated on the details tab for the risk. Let’s go ahead and click save.

Once that’s saved, we can now add controls to our risk. We can navigate to the “Controls” tab and add any and all controls that are associated with the entity that was included in the scope. So, we’re going to select all the controls and include this in the analysis. Once there, we’re done. We can save and run the analysis. As that’s running, we’re going to navigate to a risk that’s already been performed by selecting the list icon on the left-hand side and selecting the risk we wish to view.

Let’s take a first look at the “Overview” tab, where we can see the description and the stage of the analysis. We can also click on the details and look at the configuration that we had, as well as the RQ configuration and a high-level view of those results, including both the inherent and residual risk of the SLE. Loss magnitude, or single loss expectancy, is the amount you would expect to lose if the events were to occur. The ALE is that cost annualized, which is a combination of the SLE and the frequency in which those events would occur, as calculated by ThreatConnect.

Now, we can dive further into these details by clicking on the tabs at the top. Under “Loss Magnitude,” we can see the loss distribution from a minimum, most likely, and maximum, which corresponds to the 25th, 50th, and 75th percentiles. This gives you a range of losses for each attack type, such as data breach, DoS, and ransomware, as well as a breakdown of that attack type in terms of loss type. Because we have PCI data, PII data, and PHI data, the ThreatConnect RQ app provides a breakdown of those loss types and how much they would be when the event occurs, and then again annualized, which takes into account the frequency in which these attack types would occur, as calculated by ThreatConnect.

One of the biggest values of this application is the “RQ Mitigations” tab. This feature provides an inherent ALE reduction, or how much risk would be reduced if the associated control was improved from a non-compliant status to a compliant state. This allows you to prioritize your controls by financial risk reduction to see which controls have the most significant impact on reducing risk, thereby enabling better decision-making from your ServiceNow GRC.

Please feel free to reach out with any questions or to learn more about the ThreatConnect RQ. Thank you.