In any effective risk management program, you will find a team of dedicated analysts armed with robust analyses. However, an analysis is only as effective as the rationale. I have identified five simple components that help in any risk assessment, with the FAIR model or other methods.
This time last year we provided you with a list of five must-have resources to delve into risk. If you haven’t invested 30 hours into these books, there’s no better time than now!
If you’re looking to hire a cyber risk analyst – or if you are a risk analyst looking to up your game – I recommend reading Jack Jones’ new eBook An Executive’s Guide to Cyber Risk Economics where you’ll find the definitive checklist of skills required to do reliable risk analysis.
When working on the Loss Magnitude side of the FAIR risk model, and filling out lists for the standard six Forms of Loss, there are some types of loss that are easy to overlook or too hard to get data for. In this post my aim is to share tips on some of these “less obvious losses” associated with 4 of the 6 standard forms on the model.
The NIST Cybersecurity Framework (NIST CSF) is one of the cornerstones – and most popular features – of US government policy to strengthen our nation’s cybersecurity. The hottest topic at the recent NIST workshop aimed at updating and refining the CSF was the development of metrics.
Recently, the Wall Street Journal (WSJ.com) published two charts from Juniper Research that paint a disheartening picture of the state of cybersecurity. One chart shows a projection of cybersecurity spending increasing (more or less linearly) over the coming five years, while the other chart projects a more exponential-looking growth in cybersecurity losses over that same timespan.
An interesting question sparked by an interesting legal case was posed on the FAIR Institute LinkedIn group discussion page recently, and answered by Institute Chairman Jack Jones. The State of New Jersey is trying to take away the license of a prominent psychologist for failing to protect patient privacy, claiming a long-running data breach of patient PHI.
We hope that you're already planning to attend FAIR Institute's annual FAIR Conference, FAIRCON17, later this year on October 16 and 17. Take advantage of our "Early Bird" pricing special, available through June 30, by clicking here.
However, you may be interested in doing more than just attending!
We are excited to share that FAIRCON17 registration is officially open! Reserve your spot today for two days packed with learning, networking and fun on October 16 & 17. Early bird pricing is now available and runs through June 30.
Hosted by FAIR Institute, The FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals.
The most common question I’m asked about quantitative risk analysis is "where do you get data?" That’s akin to asking a surgeon "where do you make the incision?"
Any surgeon would ask the follow-up question: for which surgery? The closer the surgery is to their specialty, the more precise a response you will get.
My response for "where do you get the data?" is usually to ask "for what analysis?"