Simulating Years
0 / 10,000

Risk Scenario Configuration

Define parameters for Monte Carlo simulation (N=10,000)

Event Frequency
events in years
events in years
events in years
Loss Magnitude (€)
Estimation Confidence
Executive Summary

Run simulation to generate risk analysis.

Median (P50)
Value at Risk (VaR)
Extreme (P99)
Volatility

Mitigation Strategy

Simulate control impact

Post-Control Frequency
in years
in years
in years

Executive Risk Report

Simulation Artifact #001

Executive Summary (BLUF)

Run simulation to generate report.

Annualized Exposure
Tail Risk (P90)
Diff (Volatility)

Input Parameters

Configuration for this simulation run

Scenario

...

Frequency

Magnitude

Documentation

Understanding the Risk Engine

Key Metrics Explained

Value at Risk (VaR): A statistical threshold predicting the maximum probable loss. However, VaR is indifferent to the severity of losses beyond its threshold. If risk is volatile, VaR may not reveal the full picture of extreme scenarios.

Conditional VaR (CVaR): Addresses VaR's limitations by quantifying the expected loss if the VaR threshold is crossed. While VaR sets the breakpoint (e.g., "1 in 10 years"), CVaR tells you how bad the disaster actually is when it happens.

Mean Loss (95% CI): The weighted average loss over time, with a confident range. Use this for annual budget planning.

Risk Scenario Examples

Ransomware Attack:
Frequency: 0.1 (1 in 10 years)
Magnitude: $2M - $5M

Data Breach:
Frequency: 0.2 (1 in 5 years)
Magnitude: $500k - $2M

About FAIR Method

Factor Analysis of Information Risk (FAIR) decomposes risk into:
Loss Event Frequency: How often bad things happen.
Loss Magnitude: How much it costs when they do.

Confidence Levels

Adjusting confidence changes the "shape" of the probability curve (Beta-PERT):
Low: Flatter curve. We are unsure, so extreme outcomes are more possible.
Medium (Default): Standard weighting.
High: Peaked curve. We are very confident the value will be close to the "Most Likely" estimate.