Manage Business Impact

A material impact is an event that, if it occurred, would result in substantial harm to your business. Epiphany’s Business Impact Matrix (BIM) gives you a customized view into potential material impacts, based on what’s important to your organization. This means you can assign value to various assets and then monitor their potential exposures and risks. You can also tag assets with other information not related to their value, such as tagging all assets in a physical location or all assets in a particular organization. Then you can identify all the attack paths that lead to these assets.

Outcome:

• At a glance, you can see whether any of your critical assets, applications or users are exposed to an attacker.

Scenario: Your Organization Needs to Know How an Adversary Can Impact Assets in a Specific Part of the Business

Pursuant to an audit or red/blue team focus, your organization wants to know how an adversary can impact assets associated with a specific line of business or business service. Major projects require implementing new assets or changing the state of existing ones. These additions and changes may introduce risks that are not seen by the project team despite all the attention on the initiative. Epiphany’s Business Impact Matrix (BIM) allows you to tag critical assets and group them by factors such as criticality and association with your business services. This capability enables your organization to continuously monitor configuration or policy changes that introduce risk to these services.

Solution: Epiphany’s Business Impact Matrix

You can group and tag assets associated with services to prioritize them and show if they are in attack paths. By tagging all assets created and modified in the Business Impact Matrix as part of a project, rolling metrics are available showing the introduction and removal of material risks associated with the initiative.

Addition of Assets Into an Impact Matrix

In the next image, the larger circles represent two asset groups created by an Epiphany user. They contain assets important to the user’s organization.

Colors and iconography are used to give you a quick understanding of which assets might be at risk. The large red circle group has a critical risk, and the yellow group has a high risk. The user assigned these risk levels when he created the croup.

The colors of the individual “path” icons also have significance:

1. Purple path icon. The presence of this icon represents that the asset is part of an attack path and is associated with a BIM group, in this case the "Test Group." You can right-click on it to display Node Details that show the specifics about this node and any potential attack paths it is part of.

2. Red path icon. The presence of this icon in a search (the pane on the right) represents that this asset is part of an attack path and it is not associated with a BIM group.