This inaugural year 2016 for the FAIR Institute has surpassed all expectations. The Institute has grown fast and furious into a thriving community of over 700 members.
FAIR Institute member Chip Block, from Evolver, reviewed the recently published NIST Special Publication 800-160, Systems Security Engineering, and shared his considerations on what NIST 800-160 means for risk quantification, FAIR and IoT in an article that deserves to be shared with all of our members.
I'd like to thank everyone who joined the Insurance Workgroup last week. It was good to hear so many new voices and see so many new names. We've climbed to roughly 25 active members in the group.
Recently, I heard someone express an opinion that “Quantitative analysis isn’t viable because we face intelligent adversaries.”
In the first post in this series, I said there were two belief systems that drive the notion of “positive risk” within our profession.
In 2016, understanding cybersecurity risk was listed as one of the top 3 priorities for boards of directors.
In probably half of the presentations I give about FAIR, someone in the audience will raise their hand and ask, “What about positive risk?”
The FAIR standard is gaining recognition as a proven model for quantifying risk in financial terms, dollars and cents.
When Tony Martin-Vegue, Cyber Risk Manager at National Mortgage Insurance, presented this case study on measuring Distributed Denial of Service (DDoS) risk at FAIR Conference 2016, the world was only a week away from one of the largest DDoS attacks in history to date.