Risk Quantification and Advanced Workflow Automation Enhance IT Risk Management

Hugh Barrett
October 6, 2022

Telos Corporation recently announced the newest release for Xacta 360 and Xacta.io, both equally important components of the Xacta® cyber risk management and compliance platform. This release introduces cutting-edge capabilities that bring the Xacta platform to the forefront of IT risk management solutions available today.

Beyond the powerful cyber risk and compliance management capabilities that Xacta has offered for 20+ years, security-conscious organizations can now express cyber risks quantitatively in dollar amounts, automate IT risk management workflows without human intervention, and improve integration between solutions in their cybersecurity tech stack via an enhanced API.

Analyst firm Gartner recognized cyber risk quantification (CRQ) as an “ITRM Top Trend” for 2022, and as a critical capability for ITRM solutions. Despite recognizing CRQ as a critical component of an IT risk management program, a mere 36% of Gartner’s surveyed organizations can currently demonstrate concrete results. Many organizations currently lack a solution to effectively identify and align business objectives with the most critical cyber risks for effective prioritization and remediation of risks with the greatest financial impact potential. More specifically, organizations face challenges surrounding data accuracy, timeliness, and understanding the context necessary to effectively tie cyber risks to specific business decisions. Plainly put, organizations are struggling to understand their cyber risk and compliance data in a context that drives business decisions.

Xacta’s risk quantification approach leverages native methodologies that allow you to calculate inherent risk likelihood, impact, and criticality based on the data provided, which can be graphed in a heatmap to illustrate real-time posture and visualize progress over time. Customers can also define their own custom financial loss formula through population expressions and layer it over Xacta’s native methodologies for customer-specific risk analysis in dollar amounts.

Xacta’s auto-generated heatmap allows you to categorize your risk posture and identify specific areas of risk that pose the greatest potential business impact(s) or financial loss.

Like many of Xacta’s other ITRM workflows, the cyber risk quantification workflow provides templates and criteria fields to dynamically collect data on your organization’s specific inherent risks. This heatmap then enables you to visualize potential impact severity. Xacta’s dynamic ability for data collection across numerous IT risk management functions ensures that your quantitative risk analysis is specific to your organization’s metrics. This data specificity facilitates and automates the accurate prioritization and remediation of the most business-critical risks.

In addition to the exciting capability for cyber risk quantification, this release also enhances Xacta’s intelligent workflow capability – a feature that delivers the workflow and structure needed to automate tasks requiring human intervention. Xacta customers can now set specific criteria and use questionnaires to automatically populate control implementation data, activate overlays, and receive or provide control inheritance data with dynamic workflow triggers.

Xacta’s project, task and process step-based workflow allows the intelligent workflow feature to introduce extreme automation via prerequisites, role-based approvals, and customizable conditional forms. Ultimately, Xacta’s intelligent workflow decreases the degree of human input required to progress IT risk management workflows, streamlines collaborative projects, reduces audit fatigue stemming from manual and repetitive approval processes, and eliminates user error.

Lastly, in response to requests from current customers, Xacta’s API has been enhanced to further accommodate the data ingested from the business intelligence and security tools used by Xacta customers. Additionally, native integrations added in this release include Tenable and STIG Viewer, which deepen Xacta’s robust vulnerability management capabilities and grow the network of vulnerability scan data sources to improve CVE coverage within the Xacta platform.

Xacta’s API will continue to be refined in subsequent releases to facilitate integration with numerous threat intelligence feeds, both open and closed source. 

If you are interested in learning more about Xacta’s revolutionary cyber risk quantification and intelligent workflow capabilities, please schedule a demo here where our cybersecurity experts can demonstrate the power of these new capabilities and show how they can transform your organization’s IT risk management processes. If you are seeking more general information about the Xacta suite of ITRM solutions, please visit this link to learn more.

Hugh Barrett
Chief Product Officer, Xacta
Hugh Barrett is the Chief Product Officer, Xacta at Telos Corporation. Follow him on Twitter: @hugibarr