Rev2 Networks

Frequently Asked Questions

What is Enterprise Risk Management?
ERM is the process by which senior executives identify, analyze and respond to operational risks that might impact the organization’s business objectives. Starting with clear goals, an effective ERM program requires organizations to identify the potential risk concentrations that need to be managed. Each individual vulnerability needs to be consistently evaluated against a common scale to create a normalized risk score.

What is RiskView?
RiskView® is a software application that incorporates a risk data warehouse and visualization engine. It helps our customers to discover and prioritize risks hidden within business silos. RiskView combines the elements of today’s various ERM disciplines into one all-encompassing, scalable, repeatable framework. RiskView enables our customers to find material risks from diverse risk-management disciplines, including Information Security (InfoSec), Governance, Risk & Compliance (GRC), Service Assurance, Business Continuity, Programs & Processes, Supply Chain and Product Defect.

Who uses RiskView?
Our customers are C-level executives responsible for protecting their company’s bottom line. RiskView was designed to support the decision process of C-level executives, including CEOs, CFOs, CTOs, CSOs, and CROs (Chief Risk Officers). The markets in which the RiskView solution has demonstrated value include:

• Service Providers, where it helps prioritize preventative maintenance to minimize outages and improve services.
• Manufacturing, where it unearths hidden vulnerabilities in the supply chain.
• Financial Services, where it correlates risk data collected from corporate silos across the enterprise.
• Government, where it correlates and prioritizes vulnerabilities from diverse areas and programs in the organization.

Why RiskView?
Without this next-generation software, executives would only see isolated tips of the risk iceberg – and they may not be able to avoid colliding with it. Using a sophisticated visualization engine, RiskView makes material risks stand out so they can prioritize them.

What are material risks?
An organization’s potential vulnerabilities are found in material concentrations of risk. A critical advantage of RiskView is that it uses Risk Concentration Analysis™ to classify risk data in a meaningful way that enables our customers to see these concentrations. These “risks that matter” become evident when each risk is considered in the context of all risks throughout the organization.

What is Risk Concentration Analysis™ (RCA)?
The primary differentiator of the RiskView solution is that it determines where there are concentrations of risk. With RCA, material risks emerge when correlating risks from all silos and considering each in context. This approach yields a Materiality Score, making it easy to recognize and prioritize material risks – the risks that matter.

What is a Materiality Score?
The RiskView engine assigns a Materiality Score to each risk across our customers’ organizations, enabling material risks to stand out from the rest. After collecting vulnerability data from throughout the business, RiskView assigns a score to each “risklet” that reflects its likelihood to cause a problem – as well as the impact that problem would cause. RiskView was designed to address the reality that the same risks have multiple impacts on the business.

The Materiality Score is influenced by up to three factors:

• Exploitability: the probability that it might be attempted or exist in the environment,
• Susceptibility: the probability that one might be affected by it,
• Impact: how costly an event would be to the business.

How does RiskView work?
When visualized in RiskView, the risks that represent the greatest business vulnerabilities will stand out from the rest. This helps our customers identify risks and test controls in the context of all other risks, as opposed to looking at risks in isolation. This identifies, for example:

• Chronically misbehaving devices,
• Recurring problems specific to a geographic region or departmental silo,
• Problems in maintenance programs that are impacting the business and could escalate,
• Execution risks that span complex programs and processes.

RiskView takes on the monumental task of:

• Collecting all risk data,
• Normalizing it into a common format and language so it can be compared, and then
• Assigning a Materiality Score to each risk.

How is RiskView deployed?
The RiskView framework can be deployed as either an onsite server-based application or as a secure cloud-based SaaS (Software as a Service) application. RiskView elements include a highly extensible cache and store risk data warehouse, data source adapters, data I/O, analytics, a visualization tool and web services.

What differentiates RiskView from currently available solutions?
RiskView distinguishes itself in several ways:

• Most available tools focus on Operations. and IT. RiskView was designed to support the decision process of C-level executives.
• RiskView analytics, while based on standards, have been extended to accommodate these senior executives by including impact values and classifications, such as Legal, Financial, and Reputational risks.
• RiskView considers both the raw score of each vulnerability and the business role of the asset on which it exists. This mapping is critical, since the same vulnerability on a desktop or on a server, for example, could have very different business impact.
• RiskView’s radar chart is innovative and allows our customers to quickly isolate “outliers.” Outliers can be vulnerabilities driving disproportionate total risk, those with unusual profiles, etc.
• Correlations break down business silos.

Who is Rev2?
Rev2 is the leading provider of next-generation risk management solutions. RiskView solutions enable our customers to identify the risks that represent the business’s greatest vulnerabilities, and address these vulnerabilities before they impact the bottom line. This provides them with an unprecedented competitive advantage by helping them to maximize the realization of existing business opportunities. Our customers typically realize ROI within weeks.

Contact us today for a Proof of Concept tailored to your business: 400 Columbus Ave., Suite 240E, Valhalla, N.Y. 10595, 914.614.8600. http://rev2.com, inforev2com.

Copyright © 2011, Rev2. All rights reserved. The RiskView® application is a registered trademark of Rev2. All other trademarks in this document are the properties of their respective owners.