Modern companies are global, integrated, and complex, yet risk assessments tend to focus on specific components and ignore their function in the larger enterprise. Tapestry utilizes graph models to visualize which integrated systems are tied to particular organizational functions. Those systems can be combined, moved, or pulled apart to estimate any number of risk scenarios in your organization. Our consultants use Tapestry to visually represent integrated risk across the range of hacker-induced effects.
Primary and Secondary Effects Estimation
Cyber threats can produce a host of effects from the stealing of corporate data to disruptive attacks against critical infrastructure. Measuring those impacts in a meaningful way requires consistent use of a rigorous method to capture the impact to the targeted system and the resulting financial cost to your organization. Tapestry leverages university-generated research in cyber effects to create standard classifications and estimators which provide a nuanced and meaningful set of metrics for your organization.
User Induced and Supply Chain Risks
Technical vulnerabilities in your system are not the only concern. User and supply chains represent other potential weak spots to the critical portions of your organization. Tapestry allows users to connect users and their corresponding attack surfaces with organization supply chains to identify which systems and organizational functions are most at risk.
Compliant with the National Institute of Standards and Technology (NIST) Cybersecurity Framework
The guidance set forth in the NIST framework represents best practice, but often does not provide methods for achieving the recommendations. Tapestry combines standardized effects, a means of measuring severity, and an integrated systems approach to estimate the primary and secondary effects of a range of operational scenarios. This approach provides a relevant and practical means of estimating risk to your organization while meeting the objectives laid out in the NIST framework.