FAIR Institute Blog

The 3 Most Confusing Risk Analysis Terms

[fa icon="calendar'] Jan 23, 2018 9:00:00 AM / by Cary Wise posted in FAIR

[fa icon="comment"] 1 Comment

Careful, risk analysts – it’s easy to miss the difference between these sound-alike pairs of terms when you scope a FAIR risk analysis:

  • Probability vs. Possibility
  • Loss Event vs. Threat Event
  • Contact vs. Threat Event
Read More [fa icon="long-arrow-right"]

3 Ways to Gather Loss Magnitude Data (from Your Cubicle)

[fa icon="calendar'] Jan 19, 2018 11:22:57 AM / by Cody Whelan posted in Risk Management

[fa icon="comment"] 0 Comments

A while back I wrote a post called The Dangers of Being a Cubicle Risk Analyst.  The premise being that a good risk analyst could not gather all of the information necessary to run a sound and defensible risk analysis from what they could gather in their four walls.  A good risk analyst ventures out to gather both loss event frequency and loss magnitude data from those in the know throughout the organization. 

Read More [fa icon="long-arrow-right"]

How to Analyze Your Risk from GDPR: A FAIR Approach

[fa icon="calendar'] Jan 19, 2018 10:49:47 AM / by Rachel Slabotsky posted in Risk Management, FAIR risk model

[fa icon="comment"] 1 Comment

As the final months approach before the EU's General Data Protection Regulation (GDPR) goes into effect in May, 2018, organizations are making significant investments to ensure they are prepared for the changes to come, particularly the strict rules on handling consumers’ personally identifiable information (PII).

Read More [fa icon="long-arrow-right"]

To Bring Value in a Risk Analysis, Tell a Story and Provide a Solution

[fa icon="calendar'] Jan 16, 2018 9:00:00 AM / by Rebecca Merritt posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Imagine this – an issue is assigned to your risk analyst team, either by your management, someone in the business, or perhaps it's some area of weakness your own team identified. After completing the analysis, now it's time to prepare a presentation on the risk results.

Read More [fa icon="long-arrow-right"]

How Board Members Can Improve Cyber Risk Oversight in 2018

[fa icon="calendar'] Jan 8, 2018 12:05:24 PM / by Steve Tabacek

[fa icon="comment"] 0 Comments

You wake up one morning, scroll through your inbox and notice an email titled “Corporate Sensitive - Special Meeting” marked high priority from the company employing you as a board member.

Read More [fa icon="long-arrow-right"]

Ponemon Report on the True Cost of Compliance -- A Missed Opportunity

[fa icon="calendar'] Jan 3, 2018 9:00:00 AM / by Jack Jones posted in Risk Management, Jack Jones

[fa icon="comment"] 7 Comments

The Wall Street Journal recently referenced a research report published by Ponemon Institute entitled The True Cost of Compliance With Data Protection Regulations.  After reading the report I’ve come to the conclusion that although the research objective was admirable, it completely missed the target. 

Read More [fa icon="long-arrow-right"]

Jack Jones Looks Forward into 2018 for Cyber and Technology Risk

[fa icon="calendar'] Dec 29, 2017 1:20:00 PM / by Jack Jones posted in FAIR, Jack Jones

[fa icon="comment"] 4 Comments

When I was recently asked to write a blog post making cyber and technology risk predictions for 2018, I balked.  If you’ve read (and you should read)  Superforecasting: The Art and Science of Prediction  (Dan Gardner and Philip Tetlock), you’ll understand why. 

Read More [fa icon="long-arrow-right"]

Year in Review: The FAIR Institute in 2017 [Infographic]

[fa icon="calendar'] Dec 26, 2017 9:00:00 AM / by Luke Bader posted in FAIR, Infographic, Fair Institute

[fa icon="comment"] 0 Comments

The FAIR Institute has seen fantastic growth in 2017 and we would like to thank all of our members and partners for helping to spread the message of FAIR. 

Read More [fa icon="long-arrow-right"]

Jack Jones: Is There One Best Risk Metric? [Part 1]

[fa icon="calendar'] Dec 21, 2017 8:45:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management, Jack Jones

[fa icon="comment"] 0 Comments

On his recent FAIR Institute Cyber Risk Workgroup Call (membership required), FAIR model creator Jack Jones fielded this question: If you had to judge an organization in terms of how well it manages risk using just one metric, what one metric would you use?

Read More [fa icon="long-arrow-right"]

Santa’s Naughty and Nice List for Risk Registers

[fa icon="calendar'] Dec 18, 2017 12:09:03 PM / by Teresa Suarez

[fa icon="comment"] 0 Comments

It’s crunch time for Santa, his big December 25th deadline is quickly approaching. To prepare for Christmas, he’s making his risk register and checking it twice. 

Read More [fa icon="long-arrow-right"]

Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts