FAIR Institute Blog

Inherent Risk vs. Residual Risk Explained in 90 Seconds

[fa icon="calendar'] Sep 7, 2017 3:18:43 PM / by Rachel Slabotsky posted in FAIR

[fa icon="comment"] 1 Comment

I recently had a conversation with clients around a risk analysis they conducted and noticed as they walked me through it that they seemed to get hung up on the terms “inherent risk” and “residual risk” and what inherent risk represented in that particular scenario.

Read More [fa icon="long-arrow-right"]

3 Ways to Get a Risk Analysis Project Off to a Bad Start

[fa icon="calendar'] Sep 6, 2017 7:15:00 AM / by Cody Whelan posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

The first big step in a risk analysis is scoping.  Each part of the analysis process builds on the other so if you get scoping wrong, the rest of your analysis is on shaky ground at best.  Remember,  scoping is where you clearly:

Read More [fa icon="long-arrow-right"]

Meet a FAIR Institute Member: Wade Baker

[fa icon="calendar'] Aug 30, 2017 4:06:59 PM / by Jeff B. Copeland posted in FAIR, Fair Institute, Fair Conference 2017

[fa icon="comment"] 0 Comments

FAIR Institute Board Member Wade Baker started the Verizon Data Breach Investigations Report (DBIR), the granddaddy of cybersecurity incident reporting, and still the leading source of hard data on the threat landscape.

Read More [fa icon="long-arrow-right"]

A FAIR Budget for Disaster Preparedness

[fa icon="calendar'] Aug 29, 2017 9:40:00 AM / by Steve Poppe posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

With the massive flooding in Houston from Hurricane Harvey, we're re-publishing this very relevant post from 2016 by Steve Poppe about how local governments can apply FAIR modeling to plan for megastorms. 

 

Read More [fa icon="long-arrow-right"]

FAIRCON17 Awards: Nominate Your FAIR Champions

[fa icon="calendar'] Aug 23, 2017 8:19:54 AM / by Luke Bader posted in FAIR, Fair Conference 2017

[fa icon="comment"] 0 Comments

Honoring Excellence in Information and Operational Risk Management

At the FAIR Conference 2017 in Dallas, October 16-17, The FAIR Institute will honor risk management leaders for their initiative, ingenuity and contributions to information and operational risk management.

Read More [fa icon="long-arrow-right"]

Control Assessments Are Not Risk Assessments

[fa icon="calendar'] Aug 23, 2017 7:57:27 AM / by Chad Weinman posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

This is the most common “sin” we run into within the industry.  Analysts, often not specifically trained on risk, focus almost solely on controls and their effectiveness. 

Read More [fa icon="long-arrow-right"]

Risk Analysis vs. Risk Assessment: What's the Difference?

[fa icon="calendar'] Aug 22, 2017 8:00:00 AM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

Yes, this is Cyber Risk 101, but risk analysis vs risk assessment is common confusion, so let Jack Jones explain it in an excerpt from his book Measuring and Managing Information Risk: A FAIR Approach

Read More [fa icon="long-arrow-right"]

The Cybersecurity Social Contract: Q&A with Larry Clinton

[fa icon="calendar'] Aug 17, 2017 7:30:00 AM / by Jeff B. Copeland

[fa icon="comment"] 0 Comments

Larry Clinton has been advocating for cybersecurity in Washington since the days when “I had to start the conversation by spelling ‘cyber’”.  President of the Internet Security Alliance since 2003, Clinton has doggedly pushed Congress and successive Administrations to take a holistic approach to information security issues or, as he calls it, the Cybersecurity Social Contract, laid out in a book of the same title, from the ISA.

Read More [fa icon="long-arrow-right"]

Missing the Mark on Risk Analysis Without ALE

[fa icon="calendar'] Aug 14, 2017 8:00:00 AM / by Chad Weinman posted in FAIR

[fa icon="comment"] 1 Comment

Annualized Loss Exposure (ALE) is a key output from a FAIR quantitative risk analysis. ALE is computed as:

ALE = Event Frequency x Single Loss Magnitude

Read More [fa icon="long-arrow-right"]

Where to Find Risk Scenarios to Analyze

[fa icon="calendar'] Aug 11, 2017 11:45:59 AM / by Cody Whelan posted in Risk Management

[fa icon="comment"] 0 Comments

This may not come as a shock, but a big part of what a risk analyst does is analyzing the issues that an organization is concerned with occurring. 

The analysis part of the job spans an entire process, but a critical part involves first finding those things that are worth conducting a risk analysis over. 

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts