TIGIR was developed to answer a specific business problem. The Canadian government is mandated to perform Threat/Risk Assessments as part of development and acquisition of various assets; the Harmonized Threat/Risk Assessment (HTRA) is the methodology that must be adhered to.
The HTRA is an outdated manual, paper-based process that does not account for the current threat/risk climate that is normally hired out to consultants, taking months to complete and costing tens of thousands of dollars. Time and cost prohibitive, HTRAs are done only when absolutely required rather than as a frequent audit activity. Also each time, a new HTRA must be started, as the previous HTRA is unusable - every consultant has their own approach, so HTRAs are inconsistent, not comparable and difficult to measurable.
TIGIR was developed, after substantial analysis of the issues, to replace the specialized consultants required to perform HTRAs for government and to meet the need and untapped market for SMEs - reducing the cost, time and creating consistency, as well as legacy as a saved record that can be updated at any time.
TIGIR performs threat/risk analysis by valuing the organization, its lines of business, market percentage, contracts and partnerships and the value of assets and costs if that asset is stolen/lost, disrupted for a period of time, destroyed or modified affecting its integrity. Asset value is determined by their classification and importance to the organization and its revenue, reputation, shareholder value, etc. This is a much more robust and meaningful formula to assess assets and risk. Also the algorithm does all of the work so senior analysts or security practitioners aren't required to do the work.
Once the TRA is completed in TIGIR, that record is saved and can be updated as often as the organization wants or needs to re-check their security posture. Several options for final report are available, including government compliant. Portions of the report are editable except the metrics, which can only be changed in the valuation process that is recorded in the audit log, ensuring high integrity of data.
In the background, as part of the license agreement, non-proprietary data is uploaded to the TIGIR database to create user demographics and data trends, including breach type information. As this database grows, it can be used to develop and refine to the software, identify strong or new markets and act as a data mining database for third parties.
Scalability is inherent to the algorithm and its ability to extend and be applied to deliver various data sets and detailed valuation as the product line grows.
There is also extensibility to incorporating artificial intelligence (AI) in learned processes and block-chain design for data integrity and uniqueness.