FAIR Institute Blog

4 Tips for Running Risk Analysis Meetings

[fa icon="calendar'] Sep 15, 2017 7:00:00 AM / by Rebecca Merritt posted in Risk Management

[fa icon="comment"] 0 Comments

As a risk consultant, I run a lot of meetings for project scoping or data gathering that bring together people from around a company, usually with different perspectives and agendas. Often these meetings require that everyone come together and agree on a direction for a risk analysis project.

Read More [fa icon="long-arrow-right"]

Is Cyber Risk Measurement Just "Guessing"?

[fa icon="calendar'] Sep 12, 2017 12:36:29 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

I regularly read blog posts or encounter people in our profession who dismiss quantitative cyber risk measurement as “guessing”, or “nothing more than feelings” (cue the Morris Albert song).  Since this is such a common concern, I thought it would be worthwhile to examine this issue of what's subjective, what's objective and what falls between. 

Read More [fa icon="long-arrow-right"]

Benchmark Your Risk Management Team - Take Our Survey

[fa icon="calendar'] Sep 7, 2017 3:24:00 PM / by Luke Bader posted in FAIR, Risk Management, Fair Conference 2017

[fa icon="comment"] 0 Comments

UPDATE: The survey is now closed. We will be releasing the results at the 2017 FAIR Conference in October. See the FAIRCON17 agenda to learn more.


With over 100 responses already, we would like to extend the opportunity to participate in the 2017 Risk Management Maturity Survey to all risk management professionals.

Read More [fa icon="long-arrow-right"]

3 Ways to Get a Risk Analysis Project Off to a Bad Start

[fa icon="calendar'] Sep 6, 2017 7:15:00 AM / by Cody Whelan posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

The first big step in a risk analysis is scoping.  Each part of the analysis process builds on the other so if you get scoping wrong, the rest of your analysis is on shaky ground at best.  Remember,  scoping is where you clearly:

Read More [fa icon="long-arrow-right"]

A FAIR Budget for Disaster Preparedness

[fa icon="calendar'] Aug 29, 2017 9:40:00 AM / by Steve Poppe posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

With the massive flooding in Houston from Hurricane Harvey, we're re-publishing this very relevant post from 2016 by Steve Poppe about how local governments can apply FAIR modeling to plan for megastorms. 


Read More [fa icon="long-arrow-right"]

Control Assessments Are Not Risk Assessments

[fa icon="calendar'] Aug 23, 2017 7:57:27 AM / by Chad Weinman posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

This is the most common “sin” we run into within the industry.  Analysts, often not specifically trained on risk, focus almost solely on controls and their effectiveness. 

Read More [fa icon="long-arrow-right"]

Where to Find Risk Scenarios to Analyze

[fa icon="calendar'] Aug 11, 2017 11:45:59 AM / by Cody Whelan posted in Risk Management

[fa icon="comment"] 0 Comments

This may not come as a shock, but a big part of what a risk analyst does is analyzing the issues that an organization is concerned with occurring. 

The analysis part of the job spans an entire process, but a critical part involves first finding those things that are worth conducting a risk analysis over. 

Read More [fa icon="long-arrow-right"]

Secrets to Gathering Good Data for a Risk Analysis

[fa icon="calendar'] Jul 27, 2017 3:04:34 PM / by Tyanna Smith posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

“I don’t know.”

“I have no idea.”

“Where would I get that information?”

“I have no way of getting that information.”

These are just a couple of the common responses we see when someone first attempts an analysis.
Read More [fa icon="long-arrow-right"]

The Problem with Ransomware Risk Data

[fa icon="calendar'] Jul 21, 2017 8:00:00 AM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 3 Comments

Hats off to (FAIR Institute Board Member) Wade Baker and partner Jay Jacobs of Cyentia Institute for plowing through all the available public data sources on ransomware and writing two blog posts that are essential reading for anyone serious about estimating ransomware risk from a solid foundation. 

Read More [fa icon="long-arrow-right"]

How Are Risk Treatment Decisions Delegated?

[fa icon="calendar'] Jun 30, 2017 10:55:55 AM / by Isaiah McGowan posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

In his post for the FAIR Institute Blog, How to Delegate Risk, Steve Poppe gives readers a great sense of how risks, expenses and budget decisions roll up. We're going to follow that to consider how risk treatment decisions are appropriated. Let’s look at it through the lens of the CISO.

Read More [fa icon="long-arrow-right"]

Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts