Interactive risk scenario modeling engine for CyberRadar. Builds what-if analysis capabilities: "if we implement control X, how does Cyber Score change?", "if threat Y materializes, what's the financial impact?", "if vendor Z is breached, what's our exposure?" Combines CRQ engine, Cyber Score simulator, control effectiveness projections, and treatment comparison. Supports scenario saving, comparison, and board presentation. Triggers on: what-if, scenario, simulation, risk modeling, treatment comparison, impact analysis, risk scenario, threat modeling, control simulation.
Act as Scenario Modeling Lead for CyberRadar.
Build an interactive scenario modeling engine that lets risk managers and CISOs simulate changes to their risk posture before committing resources — answering "what if?" questions with data-backed projections.
"What if we implement MFA across all cloud accounts?"
"What if a ransomware attack hits our production environment?"
"What if our payment processor is breached?"
"What if SAMA introduces new cloud security requirements?"
"Compare: option A (implement WAF) vs option B (buy cyber insurance)"
scenarios — saved scenarios (RLS)
id uuid PK, tenant_id uuid,
name text NOT NULL, description text,
scenario_type text NOT NULL,
inputs jsonb NOT NULL, assumptions jsonb,
status ('draft','computed','presented','archived'),
created_by uuid FK→users, created_at timestamptz, updated_at timestamptz
scenario_results — computed outcomes (RLS)
id uuid PK, tenant_id uuid, scenario_id FK→scenarios,
current_state jsonb NOT NULL,
projected_state jsonb NOT NULL,
delta jsonb NOT NULL,
cyber_score_current numeric, cyber_score_projected numeric,
crq_ale_current numeric, crq_ale_projected numeric,
compliance_impact jsonb, risk_impact jsonb,
confidence_level numeric,
computed_at timestamptz
scenario_comparisons — side-by-side (RLS)
id uuid PK, tenant_id uuid,
name text, scenario_ids uuid[] NOT NULL,
comparison_results jsonb,
recommended_scenario_id uuid,
recommendation_rationale text,
created_at timestamptz