
Enabling companies to improve cybersecurity and reduce costs, by bringing predictability to the randomness of data breach, using data analytics and A.I.

Call or book a free peer comparison.

https://meetings.hubspot.com/thomasl4

Products

Aggregate 3rd Party Assessments

Regulators and management need 3rd party assessments that are accurate and not based upon opinions or assumptions. VivoSecurity enables our customers to satisfy regulators by assessing true 3rd party risk, which is the probability that one of their vendors will have a data breach, obsoleting the use of questionnaires, maturity scores and SOC2 reports.

The risk from 3rd parties is from breaches caused by the sheer number of vendors. VivoSecurity quantifies this risk twice per year, with an aggregate forecast. We help senior management set risk appetite goals with a testable forecast of data breach frequency. We help cybersecurity teams identify the few vendors that represent most of the risk, and we then quantify the value of mitigation. Finally, we satisfy regulators with an accurate and documented process for vendor assessment using an empirical and transparent regression model for probability of data breach.

Data Breach Impact Report

The cost of a data breach is predictable. By understanding the causes and cost of data breaches, VivoSecurity allows our customers to make informed decisions around cybersecurity investments. We use an empirical regression model, which means that it is based upon factors that predict cost. The model is easy to understand and provides insights into how to manage and reduce costs. The report provides the median and 80% confidence interval for a data breach caused by a malicious outsider, a malicious insider, a lost & stolen device, and/or an accident. The model forecasts the sum of all costs, including investigation costs, notification costs and reputation damage, and the probability of a lawsuit, providing a complete and detailed breakdown of costs.

Peer Comparison

Senior management would like more than green/yellow/red. They would like to know the probability for data breach and the cost of reducing this probability. They would like to know how they compare with peers and they would like to be able to weigh cybersecurity risks against other business priorities. They would like to know how the cost of risk transfer compares with the cost of reducing cyber-risk.

VivoSecurity brings predictability to the randomness of cybersecurity incidents by enabling our customers to understand the probability of having a data breach. Our report will help senior management set risk appetite goals for their internal cybersecurity, in terms of data breach frequency and data breach size, and, more importantly, weigh the cost of cybersecurity against the cost of risk transfer. Our report will also show senior management how they compare with their industry and size in terms of cybersecurity spend and management culture.


Partners

Partners are independent individuals or organizations that help Vivo deliver our offerings. Partners have access to our backend data and may develop their own reports, provide their own interpretations and add additional data. Partners can provide consulting services to help you integrate the management of third-party data breach risk into existing processes.

Christine Dewhurst, CISA, CPA, Bachelor of Mathematics from the University of Waterloo, is the leading authority for management of cumulative third-party risk, defining such terms as “Tail-vendor”, discovering thresholds for tail-vendors, defining appropriate risk-appetites and working out methodologies for mitigating cumulative third-party data breach risk that integrate into current processes for Third-Party Risk Management (TPRM). 

Christine advises companies on governance strategies, risk management and auditing, and is a key collaborator with VivoSecurity. She has more than 27 years of experience in senior roles at KPMG, Deloitte, Manulife and Bank of Montreal (BMO), addressing cybersecurity assurance, vulnerability fortification, identity & access management, business resiliency capabilities and TPRM. Christine is a frequent presenter at ISACA Toronto and Canadian Cyber Threat Exchange (CCTX).

Michael Stoyanovich, CDPSE, MPA, is a leading expert at managing third-party data breach risk, including 1) strategies and policies for managing risk-budgets, 2) methods for evaluating risk-budgets and 3) integration of the management of third-party data breach risk within current TPRM frameworks and practices. He is also an expert in assessing third parties based upon information security (“InfoSec”) team size and training, IT training, and evaluation of a third party's outsourced cybersecurity.

Michael has over 30 years of experience in technology and has served as Chief Information Officer (CIO) and Chief Operating Officer (COO) at Associated Third Party Administrators (ATPA) and CIO of BeneSys. He earned a Certified Data Privacy Solutions Engineer (CDPSE) credential, issued by ISACA. Stoyanovich received a bachelor of arts degree from the University of Michigan and a master of public administration degree from Michigan State University. Michael is a vice president and senior consultant in Segal’s Administration & Technology Consulting practice.

About


VivoSecurity develops rigorous statistical and AI models that meet the Federal Reserve's and Office of the Comptroller of the Currency's guidance for model risk management (SR11-7), to forecast the cost and probability of data breach. The Vivo team has PhD-level scientists and statisticians who have developed novel, yet rigorous methods to leverage the numerous state and federal reporting requirements regarding data breach.

Thomas Lee

CEO

BS, Electrical Engineering, Univ. of Washington

BS, Physics, Univ. of Washington

PhD, Biophysics, Univ. of Chicago

Paul Borchardt

Board of Directors, IP Advisor

PhD, Biomedical Science, Univ. of Texas

JD, Univ. of San Francisco

Spencer Graves

Head of Modeling

MA, Mathematics, Univ. of Missouri

PhD, Mathematical Statistics, Univ. of Wisconsin

Shawn Wilde

Board of Directors

Former CIO, GDPR HIPAA CCPA Advisor

Nagaraja Kumar Deevi

Advisor

Aaron Arutunian

Cybersecurity Advisor

CISSP, CISA & 32 additional certifications

Resources


Case Studies
Publications

Assessing the Effectiveness of Third-Party Risk Management using Quantitative Models

A new protocol for Internal Audit to assure that third-party data breach risk is within management's risk-tolerance

Axel Troike, Thomas Lee, PhD, David Hann


How ISACA can unleash a Digital Trust revolution

An editorial response to ISACA’s white paper on digital trust

Thomas Lee, PhD

Talks

Forecasting Data Breaches

A talk given to ISACA Philadelphia, May 5th, 2023

Speaker was Thomas Lee, PhD

Industries


Financial • Banking

The Federal Reserve and Office of the Comptroller of the Currency (OCC) have special requirements for banks regarding models and assessing model risk (see SR11-7).

VivoSecurity helps our customers meet this standard with empirical regression models that are fully compliant. Our models bring non-technical insights to senior management and new technical insights to the subject matter expert. With each use, our Aggregate 3rd Party Assessments make a testable forecast to validate our results. We support model validation, provide model documents, and support model maintenance to aid assessment of model risk. Our models help banks, financial institutions and transaction processors to quantify and manage the risk from 3rd and 4th parties, demonstrate an advanced approach for risk management to regulators and bring certainty to the randomness of data breach.


Biotech • Pharma • Medical

Good policies and procedures are the foundation of quality assurance (QA). We support our customers’ QA teams with a HIPAA-compliant, CLIA-compliant and NIST 800.30-compliant Aggregate 3rd Party Assessment process.

Our Aggregate 3rd Party Assessments apply to both IT/technology and business-critical clinical vendors. We help our customers save money while also reducing cyber-risk, by identifying the few vendors that account for most of the risk. Our customers save money by focusing mitigation efforts, which can be justified by quantifying the value with a model and process that is credible to regulators.

Our customers’ QA teams gain non-technical, yet actionable insights into the risk posed by each vendor, and into the risk from the sheer number of vendors. We support our QA customers with a template SOP and training for vendor assessments and new vendor onboarding. We support our customers when they face CAP and OCR auditors with our credible, accurate and testable empirical regression model that quantifies cybersecurity risk.


Industries with PII

Companies continue to outsource services and infrastructure, with 3rd party risk being the cybersecurity blind spot. We find that about 50% of larger data breaches are caused by 3rd parties. This 3rd party risk is due to the sheer number of vendors, which cannot be assessed with maturity or compliance models, or SOC 2 reports. We help all of our customers quantify and manage this cybersecurity risk with empirical statistical models that forecast data breach for all their vendors, not only the vendors missed by maturity or compliance models.


Contact

VivoSecurity Inc.

Los Altos, California

Telephone 650-919-3050

Email us

inquiries@VivoSecurity.com

Book a meeting

For a first free analysis

https://meetings.hubspot.com/thomasl4