FAIR Institute Blog

FAIR On-A-Page: Same Great Model, Fresh New Look

[fa icon="calendar'] May 12, 2017 11:08:07 AM / by Vanessa McCoy posted in FAIR, Fair Institute

[fa icon="comment"] 0 Comments

Attention: the FAIR model we know and love has a fresh new look!

Originally created by Jack Jones, the FAIR model provides a standard taxonomy and ontology for information and operational risk. This refreshed resource is conveniently paired with key definitions; a list of various forms of loss to account for in your risk modeling; key steps to analysis scoping; and tips for calibration.

Read More [fa icon="long-arrow-right"]

Measuring Cyber Risk Requires Two Models, Not One

[fa icon="calendar'] May 10, 2017 5:00:08 PM / by Jack Jones posted in FAIR

[fa icon="comment"] 1 Comment

There are a lot of reasons why some people believe measuring cyber risk isn’t possible — from misperceptions about data shortage, to the fallacy about intelligent adversaries, to the inconsistencies that commonly occur when two different people get two different answers when measuring the same risk. 

Read More [fa icon="long-arrow-right"]

Meet a FAIR Institute Member: Bill Barouski

[fa icon="calendar'] May 8, 2017 10:52:14 AM / by Jeff B. Copeland posted in FAIR, Fair Institute

[fa icon="comment"] 0 Comments

FAIR Institute Board Member Bill Barouski served as Executive VP and CISO for the Federal Reserve System until mid-2015, overseeing information security for the US central bank, including incident response, as well as information security architecture, standards, policies and programs.

Read More [fa icon="long-arrow-right"]

Risks from Regulations: Top Operational 'Risks' for 2017? – Part 2

[fa icon="calendar'] May 3, 2017 8:47:43 PM / by Evan Wheeler posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

During the April meeting of the Operational Risk workgroup, the members continued working on a project to recast a list of top operational risks using the FAIR model.  Quick recap of this effort so far - every year, you’ll find numerous lists of supposed “top risks” from various sources, but are they even risks? 

Read More [fa icon="long-arrow-right"]

How to Deal with "Data Challenged" Risk Analyses

[fa icon="calendar'] May 2, 2017 10:36:38 AM / by Jack Jones posted in FAIR

[fa icon="comment"] 3 Comments

In the first two posts of this series, I discussed questions regarding how to make estimates when data is sparse or missing altogether, and how to account for the fact that historical data may not perfectly reflect the future.  In this post, I’ll walk through an example risk analysis that is challenged in both of those respects.

Read More [fa icon="long-arrow-right"]

'Risk Appetite' vs. 'Risk Tolerance'. What’s the Difference?

[fa icon="calendar'] May 1, 2017 8:51:54 AM / by FAIR Institute Staff posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

The terms “risk appetite” and its close cousin “risk tolerance” are often poorly understood, very rarely used to good effect, and commonly used interchangeably.

Read More [fa icon="long-arrow-right"]

Save the Date: 2017 FAIR Conference in Dallas, TX!

[fa icon="calendar'] Apr 27, 2017 3:07:48 PM / by Nicola (Nick) Sanna posted in FAIR, Events, Fair Institute, Fair Conference 2017

[fa icon="comment"] 1 Comment

Mark your calendars! The Fair Institute’s annual FAIR Conference will take place October 16-17 in Dallas, TX, at the beautiful Hilton Anatole, located in the heart of the city’s Design District. 

Read More [fa icon="long-arrow-right"]

5 Habits for Highly Effective Risk Analysis

[fa icon="calendar'] Apr 27, 2017 8:56:23 AM / by Tyanna Smith posted in FAIR

[fa icon="comment"] 0 Comments

Why is your risk analysis taking weeks or months, instead of hours or days?

Why don’t stakeholders take your results at face value?

Read More [fa icon="long-arrow-right"]

Using Historical Data

[fa icon="calendar'] Apr 25, 2017 10:44:11 AM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

In my previous post (No Data? No Problem) I discussed the question, “How do you make estimates when you have no data?”  This post focuses on a related question – whether historical data can be relied upon to reflect the future.  

Read More [fa icon="long-arrow-right"]

Meet a FAIR Institute Member: Tony Martin-Vegue

[fa icon="calendar'] Apr 20, 2017 3:34:20 PM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

Tony Martin-Vegue leads the San Francisco Bay Area chapter of the FAIR Institute, 30 members strong. Tony spoke at the first FAIR Conference in 2016, presenting a case study on measuring DDoS risk using FAIR. In his day job, he’s Manager, Information Security Risk at Lending Club, the online credit marketplace that matches investors with borrowers, bypassing traditional bank lending and passing on the savings to borrowers in lower rates. Lending Club has funded some $25 billion in loans.     

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts