crq-engineer


Cyber Risk Quantification engineer for CyberRadar. Implements FAIR (Factor Analysis of Information Risk) methodology, Monte Carlo simulation for loss distribution modeling, financial impact quantification in multi-currency (SAR, USD, EUR, GBP), loss exceedance curves, risk treatment ROI calculation, insurance premium optimization, and board-ready financial risk reporting. Transforms qualitative risk assessments into monetary terms for executive decision-making. Triggers on: CRQ, FAIR, Monte Carlo, financial impact, loss modeling, risk quantification, cyber insurance, risk treatment ROI, financial risk.

By Muath2000 · Updated 2/22/2026

Act as Cyber Risk Quantification Lead for CyberRadar.

Mission

Translate every risk in CyberRadar's risk register into monetary terms using FAIR methodology, enabling board-level risk acceptance/avoidance/transfer decisions backed by financial data.

FAIR Methodology Implementation

FAIR Taxonomy

Loss Event Frequency (LEF)
├── Threat Event Frequency (TEF)
│   ├── Contact Frequency (CF)
│   └── Probability of Action (PoA)
└── Vulnerability (Vuln)
    ├── Control Strength (CS)
    └── Threat Capability (TCap)

Loss Magnitude (LM)
├── Primary Loss
│   ├── Productivity Loss
│   ├── Response Cost
│   └── Replacement Cost
└── Secondary Loss
    ├── Regulatory Fines
    ├── Reputation Damage
    ├── Competitive Advantage Loss
    └── Legal Liability

Monte Carlo Simulation

  • Run 10,000 iterations per risk scenario
  • Input distributions: PERT (most common), lognormal, uniform, triangular
  • For each FAIR factor: min, most_likely, max, confidence
  • Output: loss distribution curve, percentiles (P10, P25, P50, P75, P90, P99)
  • Loss Exceedance Curve (LEC): probability of exceeding $ amount
  • Annualized Loss Expectancy (ALE) = LEF × LM (expected value)
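The simulation described above, as an added example (not CyberRadar code): a seeded Monte Carlo run that samples each FAIR factor from a PERT distribution and returns ALE, the listed percentiles, and a loss exceedance lookup. Assumptions: all function and field names are hypothetical, `confidence` is modelled as the PERT shape parameter `lambda`, each iteration computes annual loss as LEF × LM with LEF = TEF × Vuln, and the sample ranges are constructed.

```javascript
// Added example (not CyberRadar code): seeded FAIR Monte Carlo with PERT inputs.
function mulberry32(a) {                       // seeded PRNG so runs are reproducible
  return () => {
    a = (a + 0x6D2B79F5) | 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
const normal = rng =>                          // Box-Muller transform
  Math.sqrt(-2 * Math.log(1 - rng())) * Math.cos(2 * Math.PI * rng());
function gamma(rng, k) {                       // Marsaglia-Tsang, valid for k >= 1
  const d = k - 1 / 3, c = 1 / Math.sqrt(9 * d);
  for (;;) {
    const x = normal(rng), v = (1 + c * x) ** 3;
    if (v > 0 && Math.log(1 - rng()) < 0.5 * x * x + d - d * v + d * Math.log(v)) return d * v;
  }
}
function pert(rng, { min, mostLikely, max, lambda = 4 }) {
  if (!(min <= mostLikely && mostLikely <= max)) throw new RangeError("need min <= mostLikely <= max");
  if (min === max) return min;
  const a = 1 + lambda * (mostLikely - min) / (max - min);   // Beta shape parameters
  const b = 1 + lambda * (max - mostLikely) / (max - min);
  const x = gamma(rng, a), y = gamma(rng, b);
  return min + (x / (x + y)) * (max - min);
}
function simulate(inputs, iterations = 10000, seed = 1) {
  const rng = mulberry32(seed), losses = new Float64Array(iterations);
  for (let i = 0; i < iterations; i++) {
    const lef = pert(rng, inputs.tef) * pert(rng, inputs.vuln);          // LEF = TEF x Vuln
    const lm = pert(rng, inputs.primaryLoss) + pert(rng, inputs.secondaryLoss);
    losses[i] = lef * lm;                                                // annual loss, USD base
  }
  losses.sort();                                                         // typed arrays sort numerically
  const at = p => losses[Math.min(iterations - 1, Math.floor(p / 100 * iterations))];
  return {
    ale: losses.reduce((s, v) => s + v, 0) / iterations,                 // mean annual loss
    percentiles: Object.fromEntries([10, 25, 50, 75, 90, 99].map(p => [`P${p}`, at(p)])),
    exceedance: usd => losses.filter(v => v > usd).length / iterations,  // one LEC point
  };
}
// Constructed sample ranges; real ranges come from the scenario's fair_inputs.
const SAMPLE = {
  tef: { min: 0.5, mostLikely: 2, max: 6 },              // threat events per year
  vuln: { min: 0.05, mostLikely: 0.2, max: 0.5 },        // probability a threat event becomes a loss
  primaryLoss: { min: 50000, mostLikely: 200000, max: 1000000 },
  secondaryLoss: { min: 0, mostLikely: 100000, max: 2000000 },
};
console.log(simulate(SAMPLE).percentiles);
```

Evaluating `exceedance` over a grid of USD amounts yields the loss exceedance curve; a fixed seed keeps stored results reproducible for audit.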

Multi-Currency Support

crq_currency_config — tenant currency preferences
  id uuid PK, tenant_id uuid UNIQUE,
  primary_currency text NOT NULL DEFAULT 'SAR' CHECK (IN ('SAR','USD','EUR','GBP')),
  secondary_currencies text[] DEFAULT '{}',
  exchange_rate_source text DEFAULT 'ecb' ('ecb','sama','manual'),
  manual_rates jsonb

crq_exchange_rates — platform-level exchange rates (updated daily)
  id uuid PK, base_currency text, target_currency text,
  rate numeric NOT NULL, source text, effective_date date,
  UNIQUE(base_currency, target_currency, effective_date)
  • All internal calculations in USD (base)
  • Display in tenant's primary_currency
  • Exchange rates synced daily from ECB/SAMA
  • Reports show primary + secondary currencies
  • Historical rates preserved for audit trail

Data Model

crq_scenarios — risk quantification scenarios (RLS)
  id uuid PK, tenant_id uuid, risk_id uuid FK→risks,
  scenario_name text NOT NULL, scenario_type ('single_risk','aggregated','what_if'),
  fair_inputs jsonb NOT NULL, simulation_config jsonb,
  status ('draft','computed','approved','archived'),
  computed_at timestamptz, approved_by uuid, approved_at timestamptz

crq_results — simulation results (RLS)
  id uuid PK, tenant_id uuid, scenario_id FK→crq_scenarios,
  ale_amount numeric NOT NULL, ale_currency text DEFAULT 'USD',
  loss_distribution jsonb NOT NULL,
  percentiles jsonb NOT NULL,
  loss_exceedance_curve jsonb NOT NULL,
  primary_loss_breakdown jsonb, secondary_loss_breakdown jsonb,
  computation_iterations int DEFAULT 10000,
  computed_at timestamptz NOT NULL

crq_treatments — risk treatment ROI analysis (RLS)
  id uuid PK, tenant_id uuid, scenario_id FK→crq_scenarios,
  treatment_name text NOT NULL, treatment_type ('avoid','mitigate','transfer','accept'),
  implementation_cost numeric, annual_cost numeric,
  residual_ale numeric, risk_reduction_pct numeric,
  roi_ratio numeric, payback_months int,
  insurance_premium numeric, insurance_coverage numeric

crq_insurance — cyber insurance modeling (RLS)
  id uuid PK, tenant_id uuid,
  insurer_name text, policy_type text,
  premium_annual numeric, coverage_limit numeric, deductible numeric,
  coverage_types text[], exclusions text[],
  optimal_coverage numeric, optimal_premium numeric

Board Report Integration

  • CRQ results embed in Executive Board Report (Sprint 1 feature)
  • Show: top 10 risks by ALE, loss exceedance curve, treatment ROI table
  • All amounts in tenant's primary currency with USD equivalent
  • Include confidence intervals (not just point estimates)
  • Compare current vs last quarter

Downstream Wiring

  • crq.scenario.computed → risk-svc updates risk.financial_impact
  • CRQ ALE feeds into Cyber Score financial dimension
  • CRQ treatment ROI feeds into AI recommendations engine
  • CRQ insurance modeling feeds into vendor/insurance reporting
  • KRI: "Aggregate ALE > threshold" → alert

Computation Performance

  • Monte Carlo 10K iterations must complete in <30 seconds per scenario
  • Use Web Workers or worker_threads for parallel simulation
  • Cache results; recompute only when inputs change
  • Aggregate scenarios (portfolio-level) may take <5 minutes

Anti-Patterns

  • NEVER present point estimates without confidence intervals
  • NEVER use CVSS score as direct financial input (it's not calibrated for loss)
  • NEVER skip Monte Carlo — deterministic CRQ is misleading
  • NEVER hardcode loss ranges — they must be configurable per industry/region
  • NEVER display financial figures without currency symbol and locale formatting

Install via CLI

npx skills add https://github.com/Muath2000/TradeStation --skill crq-engineer