FAIR Institute Blog

Chad Weinman


Recent Posts

Control Assessments Are Not Risk Assessments

Aug 23, 2017 7:57:27 AM / by Chad Weinman posted in FAIR, Risk Management

This is the most common “sin” we run into within the industry. Analysts, often not specifically trained on risk, focus almost solely on controls and their effectiveness.

Missing the Mark on Risk Analysis Without ALE

Aug 14, 2017 8:00:00 AM / by Chad Weinman posted in FAIR

Annualized Loss Exposure (ALE) is a key output from a FAIR quantitative risk analysis. ALE is computed as:

ALE = Event Frequency x Single Loss Magnitude

4 Most Forgotten Forms of Loss in a Risk Analysis

Jun 7, 2017 9:56:29 AM / by Chad Weinman posted in FAIR

When working on the Loss Magnitude side of the FAIR risk model, and filling out lists for the standard six Forms of Loss, there are some types of loss that are easy to overlook or too hard to get data for. In this post my aim is to share tips on some of these “less obvious losses” associated with 4 of the 6 standard forms in the model.

A FAIR Risk Analyst's Take on the NIST CSF 1.1 Draft Update

Jan 27, 2017 8:15:00 AM / by Chad Weinman posted in FAIR, Risk Management

FAIR specialist Chad Weinman from RiskLens recently shared his thoughts about the draft update 1.1 to the NIST Cybersecurity Framework in a RiskLens blog post. We are re-posting the most salient parts of his article for the benefit of FAIR Institute members. 

Actions Speak Louder Than Words: What is Tactical Risk Analysis?

Feb 25, 2016 9:47:40 AM / by Chad Weinman posted in FAIR, Risk Management

Tactical versus informative risk analysis

Tactical Risk Analysis is a form of risk analysis focused on driving decisions and/or actions within an organization.

This should not be confused with Informative Risk Analysis, another form of analysis that focuses on providing visibility and awareness to a given risk issue. In my experience, the majority of risk programs I encounter are predominantly informative in their objectives.

The Pitfalls of Mixing and Matching Risk Models

Feb 11, 2016 5:16:24 PM / by Chad Weinman posted in FAIR, Risk Management

Using qualitative and quantitative methods to assess risk

A 2015 Open Group survey collected data about information risk programs from over 100 organizations. One important insight was that more than half of all surveyed organizations used a combination of both qualitative and quantitative methods for their risk analyses.

3 Key Steps to Scoping a Risk Analysis

Jan 13, 2016 11:04:07 AM / by Chad Weinman posted in FAIR, Risk Management

You may remember the management adage that says "You can't manage what you don't measure". I will happily add a sibling: "You can't measure what you haven't defined."

When it comes to risk analysis, getting off on the right foot is foundational. Very often when we see individuals struggling with risk analysis, our first instinct is to review their scoping.
