On October 14th, 2016, I had the privilege of providing the keynote presentation at the first annual FAIR Conference in Charlotte, NC.
I recently spoke with a risk professional who had encountered challenges when presenting quantitative risk analysis results to business management.
Sometimes it’s important to challenge conventional “wisdom”.
We’ve recently gotten some questions about how to apply FAIR against project-related risk – e.g., “How much risk is associated with the potential for software testers to be unavailable for this project?”
There was a question recently on the FAIR Institute Members LinkedIn forum regarding “unknowns”, specifically, “How do we analyze the risk of not knowing what threats and vulnerabilities we might not be aware of that could lead to losses?”
This 5th post in this series comes to you courtesy of useful feedback I received from leaders within the NIST CSF program team.