FAIR INSTITUTE SAN FRANCISCO BAY AREA CHAPTER MEETING
When: Wednesday, May 31 (4-6 p.m.)
Where: Lending Club office
What: Food & beverages will be provided. Please RSVP so we have enough food for everyone!
**Fill out the form to the right to save your spot!**
During this May's chapter meeting, we will cover two great topics on quantitative risk analysis:
1) FAIR and Statistics, Combining the Best Use of Two Worlds
Presented by Aaron Brown
The FAIR process seeks to find the best information available to valuate and quantify the risks that a company faces. The work of Jack Jones and Douglas Hubbard describe how to make the best use of ambiguous and often conflicting information that subject matter experts maintain. But the FAIR process can also incorporate the use of probabilistic math and statistical models to further reduce uncertainty. In this talk, we will describe some of the methods already developed in the statistical field to both complement and replace certain factors in the FAIR process. These models and the methodologies behind them will equip FAIR practitioners, and risk professionals, with the basic knowledge to look further into how to take advantage of the best information available.
Aaron Brown is a FAIR certified graduate of San Jose State University's Economics program with an emphasis in critical thinking and problem solving. He currently works as a Data Analyst for VivoSecurity Inc., where he helps develop econometric models that quantify the risk of cybersecurity incidents.
2)De-Bias Your Analysis with FAIR
Presented by Steve Poppe
Objectivity is the goal of a FAIR risk analysis, but it can easily be compromised by many common human biases. They can affect your estimates of the frequencies, probabilities, and loss magnitudes that are the foundation of the risk analysis. Psychologists have identified dozens of biases, such as optimism, pessimism, blindsight, availability, and anchoring. We’ll take a quick survey of common biases, see how they can tilt your analysis, and see how you can use FAIR to limit their impact. The audience will be challenged to see if they can overcome a couple of common biases.
Steve’s been practicing risk management of information systems for 20 years. Managing customer service, data center operations, and professional services has involved him in all aspects of cyber security, including infrastructure, secure application development, disaster recovery, business continuity, design and implementation of controls, audits and attestations, and client risk assessments. With formal education in engineering, he’s naturally inclined to a quantitative approach to risk management. Steve has a bachelor’s degree in electrical engineering from MIT, and a PhD in Operations Research from UC Berkeley. He is FAIR certified and a CISSP.