As board members and executives are asking risk management teams to quantify their organization's cybersecurity risk, analysts are seeking a practical risk model that enables quantification and provides output to inform business-aligned decision making on cyber risk. The FAIR quantitative risk model is capturing the interests of cyber risk executives, experts, and analysts across industries, but what is FAIR and how does it work?
The International Information System Security Certification Consortium or (ISC)², – the certifying body of the CISSP certification – recently hosted an educational webinar that introduced its members to FAIR. The hour-long webinar titled “Pragmatic Cyber Risk Quantification” was led by Jack Jones, the original author of FAIR, followed by a demo of RiskLens Cyber Risk Quantification application by FAIR expert Cody Whelan. Jack introduced the audience to the basic concepts of FAIR and highlighted the importance of clear nomenclature, context, and assumptions for cyber risk analyses, while Cody put theory into practice.
It is also fair to note (pun intended), that both Jack and Cody are employees of our technical advisor, RiskLens. The RiskLens Cyber Risk Quantification application is purpose-built on FAIR and is helping many large organizations quantify cybersecurity risk in dollars and cents.
Curious to see the FAIR model and software in action? Watch the Webinar Now by clicking the button below!