FAIR Institute Blog

Meet a FAIR Institute Member: Evan Wheeler

[fa icon="calendar'] Jun 21, 2017 9:09:03 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

FAIR Institute Board Member Evan Wheeler is a veteran financial industry risk executive, author, and frequent conference speaker and panelist, particularly on the topic of risk quantification. He’s also one of the most patient and lucid explainers of the FAIR model we’ve ever heard – take a listen to the video of his presentation at the RSA Conference in February, 2017, or read his posts for the FAIR Institute blog.  

Read More [fa icon="long-arrow-right"]

Implementing NIST CSF? Read This First

[fa icon="calendar'] Jun 19, 2017 8:32:33 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

The National Institute of Standards Cybersecurity Framework (NIST CSF for short) is a set of best practices recommended for businesses to protect critical IT infrastructure. Published in 2014, it’s been adopted by about one-third of large companies at least in part, as indicated by a survey of CISOs last year by Tenable Network Security.

Read More [fa icon="long-arrow-right"]

5 Essentials for a Good Rationale in Risk Analysis

[fa icon="calendar'] Jun 16, 2017 5:27:04 PM / by Tyanna Smith posted in Risk Management

[fa icon="comment"] 0 Comments

In any effective risk management program, you will find a team of dedicated analysts armed with robust analyses. However, an analysis is only as effective as the rationale. I have identified five simple components that help in any risk assessment, with the FAIR model or other methods.

Read More [fa icon="long-arrow-right"]

3 More Must-Read Books to Jumpstart Your Career in Risk Management

[fa icon="calendar'] Jun 15, 2017 10:52:47 AM / by Isaiah McGowan posted in Risk Management

[fa icon="comment"] 0 Comments

This time last year we provided you with a list of five must-have resources to delve into risk. If you haven’t invested 30 hours into these books, there’s no better time than now!

Read More [fa icon="long-arrow-right"]

What Makes a Good Risk Analyst?

[fa icon="calendar'] Jun 9, 2017 6:13:15 AM / by Tim Wynkoop posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

If you’re looking to hire a cyber risk analyst – or if you are a risk analyst looking to up your game – I recommend reading Jack Jones’ new eBook An Executive’s Guide to Cyber Risk Economics where you’ll find the definitive checklist of skills required to do reliable risk analysis. 

Read More [fa icon="long-arrow-right"]

Metrics? What Metrics? Finding the Missing Link to the NIST Cybersecurity Framework

[fa icon="calendar'] Jun 5, 2017 8:18:03 AM / by Larry Clinton posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

The NIST Cybersecurity Framework (NIST CSF) is one of the cornerstones and most popular features of US government policy to strengthen our nation’s cybersecurity. The hottest topic at the recent NIST workshop aimed at updating and refining the CSF was the development of metrics.

Read More [fa icon="long-arrow-right"]

Risks from Regulations: Top Operational 'Risks' for 2017? – Part 2

[fa icon="calendar'] May 3, 2017 8:47:43 PM / by Evan Wheeler posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

During the April meeting of the Operational Risk workgroup, the members continued working on a project to recast a list of top operational risks using the FAIR model.  Quick recap of this effort so far - every year, you’ll find numerous lists of supposed “top risks” from various sources, but are they even risks? 

Read More [fa icon="long-arrow-right"]

'Risk Appetite' vs. 'Risk Tolerance'. What’s the Difference?

[fa icon="calendar'] May 1, 2017 8:51:54 AM / by FAIR Institute Staff posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

The terms “risk appetite” and its close cousin “risk tolerance” are often poorly understood, very rarely used to good effect, and commonly used interchangeably.

Read More [fa icon="long-arrow-right"]

Using Historical Data

[fa icon="calendar'] Apr 25, 2017 10:44:11 AM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

In my previous post (No Data? No Problem) I discussed the question, “How do you make estimates when you have no data?”  This post focuses on a related question – whether historical data can be relied upon to reflect the future.  

Read More [fa icon="long-arrow-right"]

Survey Shows How CISOs Fail to Communicate to Boards – And How to Fix It [Infographic]

[fa icon="calendar'] Apr 20, 2017 2:37:37 PM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

FAIR Institute Member Wade Baker surveyed over a hundred CISOs and corporate board directors to find out just why these two groups have so much trouble communicating. The results are in the just released Cyber Balance Sheet from Wade’s Cyentia Institute and risk management firm Focal Point (FAIR Institute Chairman Jack Jones was a contributor).

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts