Calculate how much time and money you will save with RED INTO GREEN
Risk assessment as required by the DORA regulation and the NIS2 directive is time and cost demanding. Enter data relevant to your organization. Number of assets, processes, risks, stakeholders, products or services. Check how much it will cost you as well as how much you can save.
Complete the fields below
| Activities | RIG DORA (H) | Excel (H) |
|---|---|---|
| Preparation of assumptions methodology and tool1 | 2 | 80 |
| Organization mapping2 | 255 | 383 |
| Assessment of consequences for (BI and CD)3 | 5 | 105 |
| Assessment of probability (BI and CD)4 | 11 | 167 |
| Risk calculation (combination of probability and impact information(BI and CD))5 | 0 | 40 |
| Verification | 2 | 27 |
| Total hours | 275 | 801 |
| Total salary of an employee performing a task for 100 hours per month: 3480 Euro gross | 41250 | 120200 |
| Value of salary saved through shortened project duration | – | 78950 |
| Value of SaaS subscription* | 40000 | – |
| Over 1 year: | ||
|---|---|---|
| Cost [eur] | 81250 | 199150 |
| Time [mo] | 2,7 | 8,0 |
1 Preparing an ICT risk assessment for an organization requires thinking about the methodology and creating a tool to estimate the risks in the organization. RIG DORA is the result of 11 months of R&D work resulting in a ready-made tool with a well thought-out methodology.
2 Assessing ICT risk according to ISO standards requires gathering information about processes, assets, vulnerabilities, security, stakeholders, products and services. We believe that a lot of time can be saved with pre-made dictionaries, import capabilities and prepared linkages of relevant information. At RIG DORA, you can carry out such a study 50% faster.
3 The risk level is the product of the convention and probability assessment. Assessing convention in the Business Continuity domain requires combining information about the process-supporting asset together with the information asset with an assessment of the severity of the consequences of the loss of the safety attribute for the stakeholders. Listing such combinations in a medium to large organization may require the preparation of a list of several thousand combinations. In RIG DORA, such a combination is automatically prepared by the system in a few seconds for all combinations (4 clicks are needed). We have left a few hours in the list to allow time in the project to review the correctness of the results.
4 The probability assessment is the second component necessary for the risk assessment. What is required is a combination of the threat information with the supporting assets and its vulnerabilities and safeguards, broken down into security attributes: confidentiality, integrity, availability, authenticity and possible legality. Usually, such analysis is performed by an expert according to an accepted scale. At RIG DORA, such an estimation is performed automatically based on the scenarios, assumptions and information relationships made during the description of the organization. We have left a few hours in the compilation to allow time in the project to review the correctness of the results.
5 We combine the relevant values from the convention and probability assessment results. The merging time depends on the degree of automation of the tool used. In RIG DORA, we generate the ICT risk estimation for the DORA domain automatically. The last 2 clicks are needed. The next step is to use the analytical modules for the assessment of the highest risks.
* The subscription price is an example, it depends on the number of supporting assets and ICT providers.
2 Assessing ICT risk according to ISO standards requires gathering information about processes, assets, vulnerabilities, security, stakeholders, products and services. We believe that a lot of time can be saved with pre-made dictionaries, import capabilities and prepared linkages of relevant information. At RIG DORA, you can carry out such a study 50% faster.
3 The risk level is the product of the convention and probability assessment. Assessing convention in the Business Continuity domain requires combining information about the process-supporting asset together with the information asset with an assessment of the severity of the consequences of the loss of the safety attribute for the stakeholders. Listing such combinations in a medium to large organization may require the preparation of a list of several thousand combinations. In RIG DORA, such a combination is automatically prepared by the system in a few seconds for all combinations (4 clicks are needed). We have left a few hours in the list to allow time in the project to review the correctness of the results.
4 The probability assessment is the second component necessary for the risk assessment. What is required is a combination of the threat information with the supporting assets and its vulnerabilities and safeguards, broken down into security attributes: confidentiality, integrity, availability, authenticity and possible legality. Usually, such analysis is performed by an expert according to an accepted scale. At RIG DORA, such an estimation is performed automatically based on the scenarios, assumptions and information relationships made during the description of the organization. We have left a few hours in the compilation to allow time in the project to review the correctness of the results.
5 We combine the relevant values from the convention and probability assessment results. The merging time depends on the degree of automation of the tool used. In RIG DORA, we generate the ICT risk estimation for the DORA domain automatically. The last 2 clicks are needed. The next step is to use the analytical modules for the assessment of the highest risks.
* The subscription price is an example, it depends on the number of supporting assets and ICT providers.