Arx Nimbus Releases Thrivaca 4.0/NIST to Boost Risk Reduction Buying Power with Unlimited “What if” Runs

Share Article

The new Thrivaca 4.0 and NIST 4.0 releases add unlimited “what if’ analysis in providing financial insight into cyber risk management and related risk carrying costs. Thrivaca’s ability to represent an organization’s risk in financial terms, helps direct cybersecurity spending to initiatives that will return the largest reduction in annual risk carrying costs.

Arx Nimbus' Thrivaca™

“With one hour of your time, Thrivaca provides a traceable articulation of your monetized risk exposure in three days.” - Arx Nimbus CEO, R. David Moon

Based on established regulatory requirements, including NIST -800-53, FERC, FFIEC and related standardized frameworks, Arx Nimbus’ Thrivaca™ Risk Profile Platform takes organizations’ cybersecurity risk reduction efforts past the limitations of professional opinion and expert judgment. Based on the latest advances in adaptive threat modeling and consistant with modern actuarial standards, it produces a financially literate risk profile that spans the entire enterprise. Organizations can use Thrivaca risk analytics to advance their regulatory compliance, improve their litigation preparedness, apply their cybersecurity resources to the areas of greatest cyber risk, and determine proper insurance and cybersecurity budget levels.

Quantitative risk profiling is provided in financial terms within days using insurance-grade quantitative mathematics developed around actuarial principles and formal econometrics. Thrivaca has been used in banking, national defense, healthcare and higher education where results support cyber investment optimization, cyber insurance negotiations, transparency and traceability, risk reduction, and compliance attainment.

Thrivaca incorporates automated scanning, trend line analysis, and back-testing of risk dynamics against actual threat patterns in relation to the subject company’s specific vulnerabilities. Version 4.0 allows for unlimited pro forma “what if” runs, updates probability calculations based on industry incident updates, and improves the interactive reporting with goal calculations, and decision tracking.

Thrivaca 4.0’s new unlimited “what if” analysis gives senior leadership a financial understanding of the current risk carrying costs and how they are impacted by various combinations of capability levels. This supports optimization of cybersecurity strategies and directions based on their relative risk reduction capabilities.

Thrivaca provides an independent, unbiased profile of detailed sources and effects of cyber security dynamics within the organization, including a self-insurance price to help frame key decisions around the cost of specific cyber risks and valued cyber security insurance policies. Developed with economist and actuarial practitioners, Thrivaca provides a mathematically-based core valuation engine that unlike conventional solutions, is not based on professional judgment or expert opinion. For organizations faced with cybersecurity risk, Thrivaca provides a sophisticated financial valuation of their annual risk carrying cost associated with specific vulnerabilities. For the first time, cybersecurity, financial, and risk professionals are able to see the risk-reduction impacts of alternative cybersecurity capabilities, budgets and prospective investments.

The National Association of Corporate Directors said: “Board-Management discussions about cyber risks should include identification of which risks should be avoided, which to accept, and which to mitigate or transfer through insurance.”

The European Union in its GDPR requirements said: “Risk should be evaluated on the basis of an objective assessment, by which it is established whether data processing operations involve a risk or a high risk.”

The US Securities and Exchange Commission said: "Cybersecurity risks pose grave threats to investors, our capital markets, and our country. Controls and procedures should enable companies to identify cybersecurity risks and incidents, assess and analyze their impact on a company’s business, evaluate the significance associated with such risks and incidents, provide for open communications between technical experts and disclosure advisors, and make timely disclosures regarding such risks and incidents.”

Arx Nimbus is a SaaS Software company that provides quantified analysis of cybersecurity defense, governance, compliance and risk reduction for organizations in every industry. Our mission and passion are to bring knowledge of cybersecurity risk to every enterprise worldwide. We combine deep experience in defense, logistics, financial services and technology sectors with exceptional academic credentials, equipped with comprehensive standards-based quantitative methodologies. Through its’ Thrivaca product, Arx Nimbus provides independent insurance-grade analysis of available options in addressing cybersecurity threats, risks, vulnerabilities and capabilities.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Robert Parsons
Arx Nimbus, LLC
(888) 422-6584 x 704
Email >
Follow >
Arx Nimbus

Visit website