Release Date: October 21, 2022

What’s New

This release includes updates to comparison assessment reporting, a refresh of fines and judgments data helpers in the Starter and Healthcare Payer content packs, and quality of life improvements for comparison assessments and topic scenario management.

Comparison Assessment Updates

Report Refresh

This release includes a refresh of the comparison assessment report. The revised report includes four main sections: Comparison Results, Cost Benefits, Timeline to Mitigate, and Comparison Options Cards. The metrics in this report default to displaying the average, but a different reporting metric can be selected from the Report Options menu in the upper right corner of the report. Additional details on the Report Options menu are included below.

Comparison Results

The comparison results chart provides a way to benchmark the different comparisons that are being evaluated against one another, the original (baseline) analysis, and the risk threshold (if defined), based on annualized loss exposure (ALE). The Risk Threshold can be defined in the Report Options menu in the upper right corner of the comparison assessment report. Additional details on the Report Options menu are included below.

The chart introduces a new label: residual risk. Residual risk is the amount of risk that remains after the treatment has been applied, or in other words, the calculated annualized loss exposure for the comparison option. Most commonly, applied treatments will result in a risk reduction. In that circumstance, the residual risk is equal to the baseline annualized loss exposure less the risk reduction value. In comparisons where the risk has increased from the baseline, the residual risk is equal to the sum of the baseline annualized loss exposure and the risk increase value. The comparison results chart can be displayed in either dollars or percentages using the dropdown in the upper right corner of the chart area.

Each portion of the comparison results section can be exported individually to XLS, CSV, PNG, and JPG from the hamburger menu in the upper right corner of the chart.

Cost Benefit

The cost-benefit section provides insight into how effective the comparisons you are evaluating are in terms of return on investment.

The two metrics contained in this section are Change in Risk Per Dollar Spent and Total Risk Treatment Cost. The Change in Risk Per Dollar Spent is a measure of the change in ALE per dollar spent on risk treatments. It is calculated based on the difference between the baseline and comparison assessment ALE and the Total Risk Treatment Cost.

The Total Risk Treatment Cost is reporting on the total cost of risk treatments you have associated with the given comparison. If multiple risk treatments are assigned to a given comparison, the Total Risk Treatment Cost will be the sum of the risk treatment costs of all assigned Risk Treatments.

The metrics included in the cost-benefit section are derived based on Risk Treatments associated with the comparisons included in the comparison assessment. If a given comparison does not have a Risk Treatment assigned to it, both the Total Risk Treatment Cost and Change in Risk Per Dollar Spent will display as not applicable or ‘—'.

If none of the comparisons in the comparison assessment have an associated Risk Treatment, this section will not display.

The cost-benefit section can be exported to XLS, CSV, PNG, and JPG from the hamburger menu in the upper right corner of the chart.

Timeline To Mitigate

The timeline to mitigate section provides insight into the estimated time to implement the solutions associated with the comparisons in the comparison assessment.

The timelines reported in this section are based on the Treatment Years provided in associated Risk Treatments for each of the comparisons. If multiple Risk Treatments are associated with a given comparison, the mitigation timeline displayed will be the longest (highest number of years), of the associated Risk Treatments.

The metrics included in the timeline to mitigate section are based on Risk Treatments associated with the comparisons included in the comparison assessment. If a given comparison does not have a Risk Treatment assigned to it, the timeline to mitigate will display the following text “No mitigation timeline provided”.

If none of the comparisons in the comparison assessment have an associated Risk Treatment, this section will not display.

The timeline to mitigate section can be exported to XLS, CSV, PNG, and JPG from the hamburger menu in the upper right corner of the chart.

Comparison Option Cards

The bottom of the report contains a comparison option card for each of the comparisons in the comparison assessment. Each comparison option card has three pages that can be cycled through overview, treatment effectiveness summary, and notes.

The total cost and timeline to mitigate metrics are both based on information in Risk Treatments associated with the given comparison.

If multiple Risk Treatments are associated with the comparison, the total cost will be the sum of all associated treatment costs and the timeline to mitigate will be the longest (highest number of years) of the associated Risk Treatments.

If no Risk Treatments are associated, these metrics will not display.

Badges

• Cheapest to Implement: comparison with the lowest Total Risk Treatment Cost. This badge can only be awarded to comparisons with associated Risk Treatments.

• Highest Risk Reduction: comparison with the highest risk reduction (difference between the baseline ALE and comparison ALE)

• Fastest to Mitigate: comparison with the shortest timeline to mitigate. This badge can only be awarded to comparisons with associated Risk Treatments.

• Best ROI: comparison with the highest Change in Risk Per Dollar Spent. This badge can only be awarded to comparisons with associated Risk Treatments and negative Changes in Risk Per Dollar Spent (i.e. risk reductions).

• Page 2: Treatment Effectiveness Summary: The treatment effectiveness summary contains metrics primarily related to associated Risk Treatments, including the cost, time to mitigate, and risk increase or decrease as well as a summary statement.

If multiple Risk Treatments are associated with the comparison, the cost will be the sum of all associated treatment costs and the time to mitigate will be the longest (highest number of years) of the associated Risk Treatments. As with other sections, if a Risk Treatment is not associated, the corresponding metrics (cost and time to mitigate) will not display.

Users can navigate between comparison option card pages using the arrow on the right side of the card as well as the two dots on the bottom.

Report Options

The Report Options menu allows users to configure report settings for the comparison assessment report. The Report Options menu can be accessed from the upper right corner of the comparison assessment.

From the Report Options menu, the user can select the Report By metric, select which of the available comparisons are included in the report, and define a risk threshold. The comparison assessment report will be dynamically updated as settings are changed in the Report Options menu.

Settings in the Report Options menu apply only to the comparison assessment the user is actively viewing and will persist until changed.

PowerPoint Export

The existing PowerPoint export of the comparison assessment report can still be accessed using the download icon in the upper right corner of the screen.

Future releases will include updates to this export to align it more closely with the look and feel of the new report.

Removal of Comparison Limit

There is no longer a limit of four comparisons per comparison assessment. Users can now add as many comparisons as applicable for evaluation within a given comparison assessment.

Content Pack Data Helper Refresh

This release includes updates to fines and judgments-related data helpers available in the Starter and Healthcare Payer Content Packs in the Catalog. The data helpers that were updated as part of this release are included below. Changes to the data helpers include range and rationale updates to reflect the most up-to-date industry data as of September 2022.

Starter Content Pack

The following Starter Content Pack data helpers have been updated as part of this release:

• PCI Data Access/Disclosure - Fines, Judgments, and Contractual (SLA) Cost

• PHI Data Access/Disclosure - Fines, Judgments, and Contractual (SLA) Cost

• PII Data Access/Disclosure - Fines, Judgments, and Contractual (SLA) Cost Healthcare Payer Content Pack

• PCI Data Access/Disclosure - Healthcare Payer - Fines, Judgments, and Contractual (SLA) Cost

• PHI Data Access/Disclosure - Healthcare Payer - Fines, Judgments, and Contractual (SLA) Cost

• PII Data Access/Disclosure - Healthcare Payer - Fines, Judgments, and Contractual (SLA) Cost

Accessing Content Pack Data Helpers

Content pack data helpers, including those updated as part of this release, can be accessed from the Catalog menu.

After navigating to the Catalog, select a Content Pack to view available data helpers.

Click on Add to Library in the menu options on the far right of the Content Pack data helper to add a data helper to your data helper library.

An icon will display in the far-left column of the content pack item selection table when a given data helper has been previously added to your data helper library.

Data helpers that have already been added to your data helper library are still available to download. When attempting to add a data helper to your data helper library, a confirmation dialogue will display if a data helper with the same name already exists.

If Add Item is selected, a number will be appended to the end of the data helper name, and it will be added to the data helper library. The original data helper and associated subscriptions will not be impacted.

Portfolio Topics Quality of Life Improvements

This release includes two minor updates related to the association of scenarios to topics within a portfolio.

Manage Scenarios Confirmation Dialogue

Users can manage the scenarios associated with a given topic from the Manage Scenarios page. New with this release, users will be notified if they attempt to add a scenario that does not contain a current version and therefore will not be included in their topic or portfolio reports.

Manage Scenarios Option Added to Portfolio Drawer View

Users can now access the Manage Scenarios page for a given topic from the topic menu within the portfolio drawer.

Bug Fixes

• Subscribing to threat causes an error

KNOWN ISSUES AND EXCLUSIONS

• The minimum supported browser resolution is 1440 px width. Some application content and functionality are not visible or functional at smaller resolutions.

• Some asset and scenario workshop keyboard control options do not function as expected in IE and Edge browsers.

• There is a known issue when the session timeout is set to 15 minutes because of a limitation with Microsoft.NET Framework. This framework dictates that the session cookie cannot be updated during the first half of the user’s session. When a user is inactive, the platform’s warning popup displays when there are 10 minutes left in the session. Since a user cannot update the cookie within the first half of the session (before the halfway mark at 7:30 of 15:00), if the user clicks Stay Logged In in those first 2.5 minutes, their session will not reset to 15 minutes and will time out at the end of the original 15 minutes.