STREAM Version 5.4 is now available. The main focus has been the introduction of quantitative risk assessment capabilities and benefits, including:
- Calculation of expected loss per risk based on lower and upper bound financial impacts and expected frequency of occurrence
- Aggregation of expected loss up through the Enterprise
- Loss exceedance curves showing the probability of suffering losses from cyber breaches with comparison against management’s tolerance for loss
- Control improvement priority report showing a list of controls for implementation or improvement prioritised by those that will provide the greatest reduction in expected loss
- What-if analysis on the loss exceedance report, modelling how the probability of losses will change if selected controls are implemented or improved
- Optional auto-calibration of the controls that are mitigating each risk so that if control performance improves or degrades, the frequency of occurrence and expected loss is re-estimated automatically
- Top 10 risks report by expected loss for each part of the business and in aggregate
- Options within the same STREAM database to assess risks: a) only quantitatively, b) only qualitatively, or c) both qualitatively and quantitatively to allow users to migrate in full, or in part from a qualitative to quantitative approach
In addition, there have also been productivity-related updates that will improve the efficiency of day-to-day use of STREAM.
