FAIR Institute Blog

Think You Know Basic Risk Concepts? Take a FAIR Challenge

Jun 30, 2017 10:17:29 AM / by Jeff B. Copeland posted in FAIR

Inherent risk, likelihood, vulnerability: concepts in everyday use in risk analysis that you think you have down pat. Read these three blog posts, and, if you're new to FAIR, we guarantee your assumptions will topple. If you’re already a FAIR practitioner, you'll learn how to plug these foundational concepts into the FAIR model to solve whatever scenarios come your way.

Meet a FAIR Institute Member: Evan Wheeler

Jun 21, 2017 9:09:03 AM / by Jeff B. Copeland posted in FAIR, Risk Management

FAIR Institute Board Member Evan Wheeler is a veteran financial industry risk executive, author, and frequent conference speaker and panelist, particularly on the topic of risk quantification. He’s also one of the most patient and lucid explainers of the FAIR model we’ve ever heard – take a listen to the video of his presentation at the RSA Conference in February, 2017, or read his posts for the FAIR Institute blog.  

Implementing NIST CSF? Read This First

Jun 19, 2017 8:32:33 AM / by Jeff B. Copeland posted in FAIR, Risk Management

The National Institute of Standards Cybersecurity Framework (NIST CSF for short) is a set of best practices recommended for businesses to protect critical IT infrastructure. Published in 2014, it’s been adopted by about one-third of large companies at least in part, as indicated by a survey of CISOs last year by Tenable Network Security.

What Makes a Good Risk Analyst?

Jun 9, 2017 6:13:15 AM / by Tim Wynkoop posted in FAIR, Risk Management

If you’re looking to hire a cyber risk analyst – or if you are a risk analyst looking to up your game – I recommend reading Jack Jones’ new eBook An Executive’s Guide to Cyber Risk Economics where you’ll find the definitive checklist of skills required to do reliable risk analysis. 

4 Most Forgotten Forms of Loss in a Risk Analysis

Jun 7, 2017 9:56:29 AM / by Chad Weinman posted in FAIR

When working on the Loss Magnitude side of the FAIR risk model, and filling out lists for the standard six Forms of Loss, there are some types of loss that are easy to overlook or too hard to get data for. In this post my aim is to share tips on some of these “less obvious losses” associated with 4 of the 6 standard forms on the model.

Metrics? What Metrics? Finding the Missing Link to the NIST Cybersecurity Framework

Jun 5, 2017 8:18:03 AM / by Larry Clinton posted in FAIR, Risk Management

The NIST Cybersecurity Framework (NIST CSF) is one of the cornerstones and most popular features of US government policy to strengthen our nation’s cybersecurity. The hottest topic at the recent NIST workshop aimed at updating and refining the CSF was the development of metrics.

Cyber Economics: Smarter (vs. More Expensive) Cybersecurity

May 30, 2017 11:19:02 AM / by Jack Jones posted in FAIR

Recently, the Wall Street Journal (WSJ.com) published two charts from Juniper Research that paint a disheartening picture of the state of cybersecurity.  One chart shows a projection of cybersecurity spending increasing (more or less linearly) over the coming five years, while the other chart projects a more exponential-looking growth in cybersecurity losses over that same timespan. 

How to Show Due Diligence to Regulators in a Personal Health Information (PHI) Data Breach

May 30, 2017 9:44:12 AM / by Jeff B. Copeland posted in FAIR

An interesting question sparked by an interesting legal case was posed on the FAIR Institute LinkedIn group discussion page recently, and answered by Institute Chairman Jack Jones. The State of New Jersey is trying to take away the license of a prominent psychologist for failing to protect patient privacy, claiming a long-running data breach of patient PHI.

Smart Risk Assessment Starts Here: The Privacy Office

May 19, 2017 11:58:00 AM / by Isaiah McGowan posted in FAIR

The most common question I’m asked about quantitative risk analysis is "where do you get data?" That’s akin to asking a surgeon "where do you make the incision?" 

Any surgeon would ask the follow-up question: for which surgery? The closer the surgery is to their specialty, the more precise a response you will get. 

My response for "where do you get the data?" is usually to ask "for what analysis?"

How to Delegate Risk

May 18, 2017 10:45:07 AM / by Stephen Poppe posted in FAIR

In all but the smallest organizations, decisions of one sort or another are made at various levels and by many people. 

Since every decision is partly a decision about risk, organizations delegate the responsibility for risk management and the authority to make risk decisions (for short, “delegate risk”) in the same way they delegate decision-making authority. 
