Content Pack Data Helper Classifications & Mapping

3 Minutes to read

Article summary

Did you find this summary helpful?

Thank you for your feedback

Content Pack Data Helper Classifications & Mapping

What types of data helpers are provided by RiskLens?

RiskLens provides many data helpers in the Catalog with the Starter content pack. These data helpers are classified into five different types based on their content, origin, and value:

Advanced Modeling
Industry Statistic
Professional Estimate
Template
Generic Range

Data Helper Classifications

The following table describes each classification of data helper.

Classification	Description	RiskLens support
Advanced Modeling	Content pack data helpers that are produced with proprietary modeling developed by the RiskLens Risk Science and Data Science teams by leveraging public and private cyber datasets. These go beyond industry statistics by using advanced techniques to adjust for time and scenario context to translate data to FAIR parameters.	Model review available upon request
Industry Statistic	Published research data and findings are becoming more common in the cyber risk quantification space. RiskLens seeks to surface reliable and trusted cyber data sources containing summary statistics to produce industry-contextualized data helpers. The data sources used may be results of peer reviewed research studies, industry publications, or information sharing organizations.	Provided as-is
Professional Estimate	Through professional services consulting, RiskLens has analyzed thousands of scenarios across hundreds of large enterprises in critical industries such as healthcare, financial services, and technology. The RiskLens’ collective expertise gained from these engagements has contributed to these expert-estimated ranges and decision criteria. These ranges can be used as-is, or refined further to match your specific context.	Provided as-is
Template	The most difficult aspect of data helper creation is identifying the key drivers that impact the estimate and categorizing them in a meaningful way. Drawing on RiskLens' collective expertise, these data helper structures and decision criteria were designed based on the key drivers and differentiators of thousands of real-world scenarios analyzed by the RiskLens professional services consulting team. The scenarios came from services with hundreds of large enterprises in critical industries such as healthcare, financial services, and technology. The templates are populated with default, generic data to be refined by the organization.	Provided as-is
Generic Range	In certain cases, the goal is to complete a scenario with broad, documented assumptions. These data helpers make sense in terms of structured ranges, but are not based on expert knowledge or industry averages. They are designed to allow users to express assumptions about scenarios in a quick, efficient, and consistent manner.	Provided as-is

Starter Content Pack Data Helper Classifications Mapping

Data Helper	Workshop Question	Classification
PII Data Access/Disclosure - Fines, Judgments, and Contractual (SLA) Cost	Secondary Fines and Judgments	Advanced modeling
PHI Data Access/Disclosure - Fines, Judgments, and Contractual (SLA) Cost	Secondary Fines and Judgments	Advanced modeling
PCI Data Access/Disclosure - Fines, Judgments, and Contractual (SLA) Cost	Secondary Fines and Judgments	Advanced modeling

Lost Revenue Due to Outage of Revenue-Generating System	Primary Productivity	Generic range
Capital Asset Replacement Cost (Native)	Primary Replacement	Generic range
Outage /Integrity Event - Fines, Judgments, and Contractual (SLA) Cost	Secondary Fines and Judgments	Generic range
Lost Future Revenue Due to Competitive Advantage Loss	Secondary Competitive Advantage	Generic range
Number of Sensitive Records Compromised	Sensitive Records	Generic range
Capital Asset Replacement Cost (Guided)	Replacement Cost	Generic range
Not Applicable (Primary Fines & Judgments)	Primary Fines and Judgments	Generic range
Not Applicable (Primary Competitive Advantage)	Primary Competitive Advantage	Generic range
Not Applicable (Primary Reputation)	Primary Reputation	Generic range

Not Applicable (Secondary Productivity)	Secondary Productivity	Generic range
Not Applicable (Secondary Replacement)	Secondary Replacement	Generic range
Not Applicable (Integrity Probability of Secondary Loss Occurring)	Integrity Secondary Effects Percentage	Generic range
Not Applicable (Customer Worth)	Customer Worth	Generic range
Loaded Hourly Employee Wage	Employee Wage	Industry statistic
Employee Replacement - HR and Recruiting Costs (Native)	Primary Replacement	Industry statistic
Employee Replacement - HR and Recruiting Costs (Guided)	Replacement Cost	Industry statistic

Incident Management Efforts, in Hours	Person Hours	Professional estimate
Secondary Stakeholder Notification, Response, and Management Cost	Secondary Response	Professional estimate
Lost Future Revenue Due to Customer Churn/Attrition	Secondary Reputation	Professional estimate
Outage /Integrity Event - Probability of Secondary Loss Occurring	Secondary Loss Event Frequency	Professional estimate
Compliant Authentication Strength	Vulnerability	Professional estimate
Compliant Privileges Strength	Vulnerability	Professional estimate
Compliant Structural Integrity Strength	Vulnerability	Professional estimate
Non-Compliant Privileges Strength	Vulnerability	Professional estimate
Data Access/Disclosure - Probability of Secondary Loss Occurring (Native)	Secondary Loss Event Frequency	Professional estimate

Data Access/Disclosure - Probability of Secondary Loss Occurring (Guided)	Confidentiality Secondary Effects Percentage	Professional estimate
Percentage of Suspicious Activity Logged	Loss Event Detection	Professional estimate
Percentage of Logged Suspicious Activity Recognized	Loss Event Recognition	Professional estimate
Outage - Probability of Secondary Loss Occurring	Outage - Probability of Secondary Loss Occurring	Professional estimate
Percentage of Employee Productivity Affected	Effect on Employee Productivity	Professional estimate
Probability of Direct Revenue Loss	Effect on Productivity	Professional estimate
Network Footholds per Year	Threat Event Frequency	Professional estimate
Insider Incidents Per Year (Malicious or Error)	Threat Event Frequency	Professional estimate
Ransomware Detections on Workstations, per Year	Threat Event Frequency	Professional estimate

Web Application Code Exploit Attempts, per Year	Threat Event Frequency	Professional estimate
Distributed Denial of Service (DDoS) Attempts, per Year	Threat Event Frequency	Professional estimate
Remote Code Execution (RCE) Attempts, per Year	Threat Event Frequency	Professional estimate
Unauthorized Cloud Accesses, per Year	Threat Event Frequency	Professional estimate
Network Foothold - Susceptibility to Asset Compromise	Vulnerability	Professional estimate
Insider Error Incident - Susceptibility to Asset Compromise	Vulnerability	Professional estimate
Insider Malicious Incident - Susceptibility to Asset Compromise	Vulnerability	Professional estimate
Insider Misconfiguration Incident - Susceptibility to Asset Compromise	Vulnerability	Professional estimate
Ransomware Detection - Susceptibility to Asset Compromise	Vulnerability	Professional estimate

Web Application Code Exploit Attack Susceptibility	Vulnerability	Professional estimate
Distributed Denial of Service (DDoS) Attack Susceptibility	Vulnerability	Professional estimate
Remote Code Execution (RCE) Attack Susceptibility	Vulnerability	Professional estimate
Unauthorized Cloud Access-Susceptibility to Asset Compromise	Vulnerability	Professional estimate
Outage Duration	Recovery Timeframe	Template
Number of Employees with Productivity Impacted	Affected Employees	Template

For Other Data Helpers, refer this

Was this article helpful?

What's Next

Release Notes v3.23

Table of contents

What types of data helpers are provided by RiskLens?
Data Helper Classifications
Starter Content Pack Data Helper Classifications Mapping