FAIR Institute Blog

For Better Risk Assessments in SSAE 18 Audits, Try Quantification with FAIR

Feb 9, 2018 4:08:05 PM / by Rachel Slabotsky posted in FAIR, Risk Management

One of my final initiatives prior to leaving public accounting and entering my new role in risk management was helping organizations prepare for the changes introduced by AICPA in the SSAE 18 audit standard, which went into effect in May 2017.


Case Study: Demystifying ICS Cyber Risk with FAIR

Feb 7, 2018 9:10:00 AM / by Michael Radigan posted in FAIR, Risk Management

Simply put, when Industrial Control System (ICS) cyber risk is accurately modeled, measured, quantified and normalized with mechanical / industrial operational risk, it is then demystified.  


3 Risk Identification Questions You Should Be Asking

Jan 29, 2018 10:33:25 AM / by David Musselwhite posted in FAIR, Risk Management

Risk managers are always seeking to address the risks that matter most to their organizations. But you can’t analyze and prioritize what you don’t identify.


3 Ways to Gather Loss Magnitude Data (from Your Cubicle)

Jan 19, 2018 11:22:57 AM / by Cody Whelan posted in Risk Management


A while back I wrote a post called The Dangers of Being a Cubicle Risk Analyst. The premise being that a good risk analyst could not gather all of the information necessary to run a sound and defensible risk analysis from what they could gather in their four walls. A good risk analyst ventures out to gather both loss event frequency and loss magnitude data from those in the know throughout the organization.


How to Analyze Your Risk from GDPR: A FAIR Approach

Jan 19, 2018 10:49:47 AM / by Rachel Slabotsky posted in Risk Management, FAIR risk model

As the final months approach before the EU's General Data Protection Regulation (GDPR) goes into effect in May, 2018, organizations are making significant investments to ensure they are prepared for the changes to come, particularly the strict rules on handling consumers’ personally identifiable information (PII).


To Bring Value in a Risk Analysis, Tell a Story and Provide a Solution

Jan 16, 2018 9:00:00 AM / by Rebecca Merritt posted in FAIR, Risk Management

Imagine this – an issue is assigned to your risk analyst team, either by your management, someone in the business, or perhaps it's some area of weakness your own team identified. After completing the analysis, now it's time to prepare a presentation on the risk results.


Ponemon Report on the True Cost of Compliance -- A Missed Opportunity

Jan 3, 2018 9:00:00 AM / by Jack Jones posted in Risk Management, Jack Jones

The Wall Street Journal recently referenced a research report published by Ponemon Institute entitled The True Cost of Compliance With Data Protection Regulations. After reading the report I’ve come to the conclusion that although the research objective was admirable, it completely missed the target.


Jack Jones: Is There One Best Risk Metric? [Part 1]

Dec 21, 2017 8:45:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management, Jack Jones

On his recent FAIR Institute Cyber Risk Workgroup Call (membership required), FAIR model creator Jack Jones fielded this question: If you had to judge an organization in terms of how well it manages risk using just one metric, what one metric would you use?


Amazon S3 Bucket Data Breaches – a FAIR Risk Analysis

Nov 29, 2017 3:30:00 PM / by Rebecca Merritt posted in FAIR, Risk Management, Case Studies

Army documents marked Top Secret…data on 14 million Verizon customers…voter information on 198 million Americans…Just a few of the recent reports on data breaches—or open data discovered by security researchers before a breach occurred—on Amazon S3 “buckets”.


Three Reasons You Should Get FAIR Certified

Nov 29, 2017 12:03:33 PM / by David Musselwhite posted in FAIR, Risk Management

Whether you’ve just been introduced to FAIR, recently completed RiskLens’ FAIR training, or learned about FAIR through self-study, pursuing the Open FAIR Certification is a worthwhile goal. As more large companies and regulatory bodies accept FAIR as a leading methodology for quantitatively analyzing risk, the Open FAIR Certification is becoming increasingly valuable. 
