We’ve applied the latest research and innovative technology to ensure a digitally resilient enterprise – A next generation GRC that leverages machine learning, MITRE ATT&CK framework, NIST CSF, and FAIR to quantify cyber security risk in close to real-time.

Cybersecurity remediation planning is usually conducted annually or quarterly based on threat modelling. allows this process to be more accessible, consistent and timely – close to real time. As well as all the features of a GRC such as service and vendor assessments and risk management, uses machine learning of global threat actors and their techniques (based on the MITRE ATT&CK framework), a model of the architecture of each of your key services and their cyber control posture (in NIST, ISO or another taxonomy), as well as the FAIR (Factor Analysis of Informational Risk) model, to determine your next best control improvement or basket of improvements. can also integrate with cybersecurity metrics to do this in close to real time.

KNOWLEDGE. is a SaaS implementation of our comprehensive myRISK® framework based on research cited in over 20 University papers and international frameworks.
It is a cost effective and scalable platform for internal / external consulting, assessments, risk management, program delivery, and resource management.
It is supported by our clickable consulting services using industry thought leaders with multiple certifications as well as the know how and experience to delivery best practice advice and achievable plans. AI was developed in a project at the University of Wollongong.


Threat Actor strength, targets and preferences.
NIST CSF control effectiveness.
MITRE ATT&CK framework
Target Architecture


Threat Actor likely paths.
Threat events & success rates.
Controls & strength of resistance.
Control comparisons.



Current LEF.
Best case LEF.
Optimal basket of controls.
Ranking of controls.
Return on Investment.





Using a cyber security risk manager is able to record control effectiveness using NIST, ISO or other frameworks, define and quantify risk scenarios, calculate inherent and current cyber risk, create risk profiles for services, vendors or business units, and periodically report risk buy-down associated with cyber security transformation initiatives.


Using, a cyber security specialist is able to assess cyber risk in close to real time, based on machine learning of the threat associated with various adversary actions (using the MITRE attack framework) against a model architecture, and the machine determined efficacy of countermeasures (mapped back to NIST CSF or ISO 27001 controls), quantified using Factor Analysis of Information Risk (FAIR).


Using, a Chief Information Security Officer is able to periodically conduct what-if analysis to determine the return on investment of a basket of control inprovements and develeop the optimal cyber security roadmap for the organisation.


Our services including governance, risk and cybersecurity frameworks; threat, risk & control assessments; cyber advisory; risk quantification and remediation planning; security architecture; M&A and vendor due diligence; control assurance; compliance and audit readiness; and cyber mentoring.

Get Started with 

Contact us today to register for our early adopter program


Cyberisk Australia
Tank Stream Labs
Level 4, 17-19 Bridge Street
Sydney NSW 2000