About CSS

Case Study: Risk Quantification Prioritizes Action Items For Consumer Product Company

May 1, 2019


Quantitative risk analysis disproves qualitative analysis results


Download the PDF



Consumer product



A qualitative risk analysis performed by an external auditor provided the client with their top five cyber risks. The client, being familiar with quantitative risk analysis, desired a second analysis to see if the results of the qualitative analysis accurately represented the company’s top five areas of concern.



CSS generated the company’s top five cyber risks from a quantitative perspective to compare them with the previously named threats in order to identify areas requiring the greatest focus.



» Gained an understanding of which threats were of greatest concern

» Assured their intellectual property risk was being managed

» Avoided unnecessary spending and ensured effective allocation of resources in other areas

» Allowed client to expose senior leadership to the benefits of risk quantification


Successful Risk Quantification Highlights

» Used the top five risks as determined by the qualitative analysis including loss of intellectual property, loss of PII, and loss of DNS

» Completed a risk quantification and FAIR analysis to measure the potential impact of each

» Provided a report to compare qualitative and quantitative risk assessment results

» Discovered that not all five initial threats from the qualitative report were of concern and informed the client of which ones were based on the quantitative report findings


Click here to schedule a free risk consultation and ask questions about how risk quantification be applied to your business.


About CSS

Converged Security Solutions, along with Evolver and eVigilant, provide a full suite of technology services that span cybersecurity, physical security, and IT management. We are ISO 27001 and ISO 9001 certified, as well as CMMI Level 3 appraised.