top of page

X-Analytics Profile Builder 2.0

Jul 22, 202412 min read

Updated: Aug 1, 2024

So far, the fastest and easiest way to create a profile within the X-Analytics application.




For Those of You New to X-Analytics.

You will enjoy the simplicity of Profile Builder 2.0. You just need to answer simple questions to correctly understand your cyber risk condition. Within a few minutes, you will have access to all of your X-Analytics insights, reports, and tools to make informed cyber risk decisions.

To see how easy it is to build a profile, log into your X-Analytics application, go to the Profile Center, and select Getting Started.



For Those of You Already Using X-Analytics.

You will enjoy the new and improved functionality, the direction association between inputs and outputs, and the new and improved efficiency to build new profiles.

During the week of July 15th, we automatically migrated your current profiles from Profile Builder 1.0 to Profile Builder 2.0. We encourage everyone to review your profile(s) to ensure your profile(s) best represent your organization. This is a great time to update annual revenue, record volumes, endpoint volume, revenue recapture capabilities, and many other important details. As part of this migration, we moved away from legacy profile techniques to "new" profile techniques that better represent current cyber exposure and cyber risk.

Your Customer Success Team will review each of your profiles to help guide you to the profile sections that require update or confirmation. As always, if you have any questions, please reach out to your Customer Success Team.

To see the new and improve Profile Builder 2.0, log into your X-Analytics application, go to the Profile Center, and explore Getting Started, Further Details, and Cyber Insurance (if applicable).



What is Profile Builder 2.0?

Profile Builder 2.0 is the component of X-Analytics that enables you to create a cyber risk profile for your organization, sub-organization, critical business applications or processes, or any other measurable entity within your organization.

Profile Builder 2.0 is a new and improved method to build your cyber risk profile. For ease of use, it is divided into three sections: 1. Getting Started, 2. Further Details, and 3. Cyber Insurance. Each section will guide you through a set of questions to ensure you correctly understand your cyber risk condition.

The Getting Started section captures basic information, which is industry vertical, revenue, operating region(s), operating hours, and number of employees. Answer these questions, select submit, and you will have access to your initial X-Analytics insights.

You might be asking yourself, "How is that possible?", "How do I already have my initial cyber risk condition by just answering five basic questions?".

It is possible because of the new and improved method within Profile Builder 2.0. Profile Builder 2.0 leverages default values within the Further Details section and Cyber Insurance section to help you make cyber risk decisions faster. The default values are preselected values adopted by the X-Analytics application when no alternative is specified by the user.

If you believe the default values don't best represent your profile, then please go into the Further Details section and Cyber Insurance section, read through the questions, change from default answers to answers that best represents your profile, and click Save & Submit.



What Changed from Profile Builder 1.0 to Profile Builder 2.0?

With direct feedback from customers, we invented an easier and more intuitive interface to replace the clunky design of profile builder 1.0. Additionally, we removed complicated questions that were hard to answer, we improved some questions to give you more flexibility in the answer, we added new questions that better represent the current cyber exposure landscape, we improved backend functions so you can easily see how each question modifies cyber exposure by clicking Save & Submit, we added default values to ease the input to output process, and we categorized questions by cyber exposure category to align inputs to outputs.

Less Questions: Not including cyber insurance questions, Profile Builder 2.0 introduces a 50% reduction in questions. This reduction greatly eases the burden of creating a profile so that you can get to your insights to make informed decisions faster.

Improved Questions: In certain areas, like Threat Likelihood, Profile Builder 2.0 gives you greater flexibility to define a cyber exposure condition that best represents your profile. We want you to have confidence in your profile so that you have confidence in your insights to make informed decisions.

New Questions: Since the cyber world continues to change, we also must change. Therefore, we added some new questions to better define your cyber exposure landscape. We believe you will appreciate these updates.

Immediate Cyber Exposure Calculations: Upon each Save & Submit, you will see how your cyber expsoure is changing directly within the Profile Builder. You no longer need to bounce from Profile Builder to Cyber Risk Condition report to see what is changing. This incredible update helps you see the direct connection between inputs and outputs.

Default Values: We never like it when someone gets stuck in the process of builder their profile, especially if they get stuck because they don't know the answer to a question. To prevent getting stuck and to help you get to insights faster, we introduced default values within Profile Builder 2.0. Default values are preselected values adopted by the X-Analytics application when no alternative is specified by the user.

Question Categories: To better align inputs to outputs and to make the entire process easier, Profile Builder 2.0 expands Further Details into intuitive categories. These intuitive categories are Data Breach Information, Business Interruption Information, Ransomware Information, Misappropriation Information, Asset Applicability, Threat Likelihood, and Business Interruption & Ransomware Addendum. With this update, you can easily understand why each question is relevant in building your cyber exposure profile.



Why Do I Even Need to Build a Profile?

In the traditional world of cyber risk management, including third party vendor management, many people think that cyber risk is a measurement of cyber maturity, threat activity, vulnerability scores, risk observations, and many other factors. However, those factors could easily be misrepresented or misinterpreted without a direct association to the organization's cyber exposure landscape.

Your cyber exposure landscape is the real reason why anything related to cyber risk matters. Since cyber risk is a cost to the business, then that cost must be justified in relation to the risk that it is reducing. Those risks could be data breach, business interruption (or disruption), ransomware, and/or misappropriation.

X-Analytics, with the help of Profile Builder 2.0, helps you build your cyber exposure profile and connects your factors so that you can truly observe and manage your risk cyber.



The X-Analytics Profile Center.

This X-Analytics Profile Center is where you start your journey into X-Analytics. This is where you can start building your cyber exposure profile, answer governance questions, and answer control framework questions.


To get this process started, please select Getting Started within the Profile Builder section.



Getting Started

Within the Getting Started section, you just need to answer some basic questions about your organization or entity in which you are building a profile.


There are five questions in this section. Upon the completion of these questions, you will have preliminary access to your X-Analytics insights.

  1. Industry Vertical: this question informs threat likelihood and cyber exposure cost values. You can also select to create a hybrid industry vertical, which is a selection of more than one industry vertical for your profile.

  2. Annual Revenue: this question informs business interruption, ransomware, and misappropriation cost values, and this question serves as a basis to show your cyber exposure as a percent of annual revenue.

  3. Operating Hours: this question informs business interruption and ransomware cost values.

  4. Operating Regions: this question informs data breach and misappropriation cost values.

  5. Number of Employees: this question informs misappropriation cost values.



Further Details

Within the Further Details section, you can work your way through each sub-section sequentially or just navigate directly to the sub-section that you need to review and update. All Further Detail questions have a default value until you decide to provide a user-specific answer.



Further Details - Data Breach Information

Within the Data Breach Information sub-section, there are a few question to tailor your data breach exposure.


There are three questions in this sub-section. Each question has a default answer until you decide to change it.

  1. Total Record Volume: this question informs applicability within in the data breach exposure table. The tables starts with 1,000 records and ends with 10 billion records. (Default value: based on average size of data breach across all industries, which is between 100k and 500k records.)

  2. Record Type Mix: this question informed data breach cost values. This question includes sub-questions for customer PII records, employee PII records, anonymized data records, PCI records, and other corporate data. (Default values: all records are turned on because there is no way to determine if on record type should or should not exist for any profile.)

  3. PCI DSS Certified: this question informs control effectiveness for PoS Intrusion and Skimming. (Default value: PCI certification if off until confirmed by user that PCI Certification is true.)


Special Note: Due to many of our data sources categorizing PHI and PFI breaches within the PII record type, we expanded the cost value of PII records to include PHI, PFI, and many other information types.



Further Details - Business Interruption Information

Within the Business Interruption Information sub-section, there are a few question to tailor your business interruption and ransomware exposure. Ransomware is impacted by this sub-section since ransomware includes a business interruption component.


There are two questions in this sub-section. Each question has a default answer until you decide to change it.

  1. Revenue Re-Capture: this question informs business interruption and ransomware cost values. Specifically, this question indicates how much revenue can be recaptured post a disruption incident. This question is divided into two sub-questions. (Default values: Revenue recapture is turned off until specific by user since every business has a unique ability with revenue recapture.)

  2. Revenue Dependency: this question informed business interruption and ransomware cost values. This question is divided into four sub-questions. (Default values: based on statistical data across all industries.)



Further Details - Ransomware Information

Within the Ransomware Information sub-section, there are a few questions to tailor your ransomware exposure.


There are two questions in this sub-section. Each question has a default answer until you decide to change it.

  1. Number of Endpoints: this question informs ransomware cost values. (Default value: based on statistical data across all industries.)

  2. Ransom Payment: this question informed ransomware cost values by indicating if your organization will or will not pay an extortion (ransom). (Default value: Ransom payment is turned on until specific by user since most organization's consider paying the extortion.)


Special Note: If more and more organizations decide not to pay the extortion, then maybe ransomware-based attack methods will diminish in the future.



Further Details - Misappropriation Information

Within the Misappropriation Information sub-section, there are a few question to tailor your misappropriation exposure.


There are three questions in this sub-section. Each question has a default answer until you decide to change it.

  1. Estimated Intellectual Property Value: this question informs misappropriation exposure specific to intellectual property. If intellectual property is not applicable, then select "no intellectual property". (Default value: based on statistical data across all industries.)

  2. Estimated Daily Electronic Payment Transaction Value: this question informs misappropriation exposure specific to fund transfer fraud. If intellectual property is not applicable, then select "no intellectual property". (Default value: Calculated by system based on your profile's annual revenue.)

  3. Fraud Countermeasures: this question informs misappropriation probability and cost values. This question includes 12 sub-questions. (Default value: All fraud countermeasures on turned on since most electronic payment providers automatically include these countermeasures.)



Further Details - Asset Applicability

Within the Asset Applicability sub-section, there are a few question to tailor cyber exposure applicability by defining risk scenario applicability.


There are ten questions in this sub-section. Each question has a default answer until you decide to change it.

  1. Web Applications: this question informs web application attack applicability. Web application attacks is one of 10 threat categories within X-Analytics. (Default value: based on industry selection.)

  2. Point of Sale (PoS) Systems: this question informs point-of-sale intrusion and skimming applicability. (Default value: based on industry selection.)

  3. End User Systems: this question informs end user system applicability. End user systems is one of 11 asset groups within X-Analytics. (Default value: based on industry selection.)

  4. Terminals: this question informs terminal applicability. (Default value: based on industry selection.)

  5. Removable Media and Offline Data: this question informs removable media and offline data applicability. (Default value: based on industry selection.)

  6. ICS, SCADA, and OT: this question informs ICS, SCADA, and OT applicability. (Default value: based on industry selection.)

  7. Healthcare Devices: this question informs healthcare device applicability. (Default value: based on industry selection.)

  8. Onboard Systems: this question informs onboard systems applicability. This includes systems that are used to control or help navigate airplanes, cars, trucks, tractors, trains, ships, and other vehicles. (Default value: based on industry selection.)

  9. Critical IoT: this question informs critical IoT applicability. (Default value: based on industry selection.)

  10. Non-Critical IoT: this question informs non-critical IoT applicability. (Default value: based on industry selection.)



Further Details - Threat Likelihood

Within the Threat Likelihood sub-section, there are a few question to tailor cyber exposure by defining your threat landscape.


There are ten questions in this sub-section. Each question has a default answer until you decide to change it. The default value is from the monthly industry threat baseline.

  1. Web Application Attack: this question informs web application attack threat value. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  2. Point of Sale Intrusion: this question informs point of sale intrusion threat value. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  3. Insider and Privileged Misuse: this question informs insider and privileged misuse threat value. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  4. Miscellaneous Error: this question informs miscellaneous error threat value. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  5. Physical Theft and Loss: this question informs physical theft and loss threat value. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  6. Crimeware: this question informs crimeware threat value. Crimeware includes ransomware. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  7. Physical Card Skimming: this question informs physical card skimming threat value. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  8. Cyber-Espionage: this question informs cyber-espionage threat value. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  9. Denial of Service Attack: this question informs denial of service attack threat value. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)

  10. Everything Else: this question informs everything else threat value. Everything else includes all incident patterns that are unknown or unclassified. (Default value: based on industry selection, changes monthly based on updates to the industry threat benchmarks within X-Analytics.)


If you decide to move away from the industry threat baseline, then you have the following choices for each threat category: (The threat scale is 0 to 10, 0 equal no threat, 5 equals moderate threat condition, 10 equals very high threat condition)

No Threat = threat value becomes 0.00

Very Low Threat = threat becomes 1.25

Low Threat = threat becomes 2.50

Low-Moderate Threat = threat becomes 3.75

Moderate Threat = threat becomes 5.00

Moderate-High Threat = threat becomes 6.66

High Threat = threat becomes 8.32

Very High Threat = threat becomes 10.00


Special Note: If you decide to override the industry threat values with user-specific values, then we highly recommend that you review and update your user-specific values monthly.


Logical Steps to Provide User-Specific Threat Values

We make it easy for you by updating the industry threat baseline monthly. This way, you don't have to think about measuring or updating your threat condition. You can spend your time focusing on other risk management tasks.

However, if you are moving away from industry threat baselines, then we recommend the following logical steps:

  1. Not Applicable: Review each threat category to determine if a particular threat category is not applicable to your profile. If a threat category is not applicable, then change the value to "No Threat".

  2. User-Specific Overrides: Review each threat category to determine if you have subject or objective data that better aligns to your profile than in industry default value. If you do have better data, then you will need to convert your data to a 10 point scale to determine which answer best represents your threat condition per threat category.


Converting Your Data to a 10-Point Threat Scale

Converting your subjective or objective threat data to a 10-point scale is straightforward. The average threat volume (or frequency), amongst all threat categories, represents a 5.00 (or Moderate) on the 10-point scale.

If a certain threat category is above average, then it will be between Moderate up to 10.00 on the scale.

If a certain threat category is below average, then it will be between 0.00 up to Moderate on the scale.

Once you establish a baseline value per each of the ten threat categories, then you can leverage a monthly threat modifier to see how much threat is changing per each threat category per month. The modifier could be something like this:

Baseline Value = 3.75 (or Low-Moderate), based on a threat volume that is 67 events per month.

Most Recent Monthly Event Value = 187 events.

Monthly Modifier Formula = ( Most Recent Monthly Value - Baseline Value ) / Baseline Value

Monthly Modifier = ( 187 - 67 ) / 67 = +1.79

Monthly Modifier Added to Baseline = 3.75 + 1.79 = 5.54

New Monthly Threat Selection = Moderate threat condition since 5.54 is closer to Moderate than Moderate-High threat.


Further Details - Business Interruption and Ransomware Addendum

Within the Business Interruption and Ransomware Addendum sub-section, there are a few question to further tailor business interruption and ransomware exposure.


This sub-section should only be used by advanced users that understand how service level agreements (SLAs) impact revenue recapture.

This section does not include default values.



If you need more support?

Then please contact your Customer Success team member. Your customer success team member will provide you with the answers you seek and will help you build a sucessful profile.

Tags:

 

Comments

bottom of page