FAIR Institute Blog

Ransomware Risk: Setting Up a FAIR Analysis

Jul 20, 2017 4:08:12 PM / by Jeff B. Copeland posted in FAIR

Jack Jones recently walked the FAIR Institute’s Data Integration Workgroup monthly call-in through a thinking exercise: Assume you’re the CISO of a mid-sized hospital – how do you understand the risk of ransomware?

Announcing the FAIRCON17 Agenda

Jul 12, 2017 9:00:00 AM / by Luke Bader posted in Fair Conference 2017

The FAIR Institute is excited to announce the sessions agenda for the 2017 FAIR Conference, coming to Dallas, October 16 and 17.  

FAIRCON17 is the exclusive conference that brings leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals.

New Studies on FAIR for Threat Intelligence, Patient Information from The Open Group

Jul 12, 2017 8:00:00 AM / by Jim Hietala posted in FAIR

The Open Group’s Security Forum recently published two white papers of interest to FAIR practitioners, on applying FAIR to threat intelligence and to patient information risk.

The first is a white paper describing how to relate and use Open FAIR and the Risk Taxonomy Standard with STIX, a popular threat intelligence expression language. 

Measuring Reputation Damage in Cyber Risk Analysis - Part 1

Jul 10, 2017 9:47:23 AM / by Jack Jones

In a recent survey, information security professionals identified reputational damage as the most costly form of loss from cyber events.  But is it really?  In this first post in a series I’ll lay some groundwork that should help us evaluate the potential impact of cyber event-related loss of reputation.

Toward a FAIR Notion of Criticality

Jul 5, 2017 3:19:58 PM / by Steve Poppe posted in FAIR

The idea of the “criticality” of an asset or resource appears in many cyber security standards, including NIST, ISO 27001, and the AICPA’s SSAE 16 criteria. 

Of the standards that define criticality, the best is in NIST SP800-53r4: “A measure of the degree to which an organization depends on the information or information system for the success of a mission or business function.” 

How Are Risk Treatment Decisions Delegated?

Jun 30, 2017 10:55:55 AM / by Isaiah McGowan posted in FAIR, Risk Management

In his post for the FAIR Institute Blog, How to Delegate Risk, Steve Poppe gives readers a great sense of how risks, expenses and budget decisions roll up. We're going to follow that to consider how risk treatment decisions are appropriated. Let’s look at it through the lens of the CISO.

Think You Know Basic Risk Concepts? Take a FAIR Challenge

Jun 30, 2017 10:17:29 AM / by Jeff B. Copeland posted in FAIR

Inherent risk, likelihood, vulnerability: concepts in everyday use in risk analysis that you think you have down pat. Read these three blog posts, and, if you're new to FAIR, we guarantee to make your assumptions topple. If you’re already a FAIR practitioner, you'll learn how to plug these foundational concepts into the FAIR model to solve whatever scenarios come your way.   

Announcing the FAIR Institute Chapter in Paris

Jun 23, 2017 10:23:52 AM / by Luke Bader posted in Fair Institute

The FAIR Institute is very happy to announce the founding of our newest chapter in Paris, France! The inaugural chapter meeting will be held this fall and led by Paris Co-Chairs, Christophe Foret and Tom Callaghan of C-Risk, a consulting firm specializing in risk analysis and FAIR training.

Meet a FAIR Institute Member: Evan Wheeler

Jun 21, 2017 9:09:03 AM / by Jeff B. Copeland posted in FAIR, Risk Management

FAIR Institute Board Member Evan Wheeler is a veteran financial industry risk executive, author, and frequent conference speaker and panelist, particularly on the topic of risk quantification. He’s also one of the most patient and lucid explainers of the FAIR model we’ve ever heard – take a listen to the video of his presentation at the RSA Conference in February, 2017, or read his posts for the FAIR Institute blog.  

Implementing NIST CSF? Read This First

Jun 19, 2017 8:32:33 AM / by Jeff B. Copeland posted in FAIR, Risk Management

The National Institute of Standards Cybersecurity Framework (NIST CSF for short) is a set of best practices recommended for businesses to protect critical IT infrastructure. Published in 2014, it’s been adopted by about one-third of large companies at least in part, as indicated by a survey of CISOs last year by Tenable Network Security.
