FAIR Institute Blog

CISA Looks to Quantify National Risk from Cyber Attacks

[fa icon="calendar'] Dec 7, 2021 12:30:00 PM / by Jeff B. Copeland posted in FAIR Conference 2021

[fa icon="comment"] 0 Comments

Bob Kolasky, who runs the National Risk Management Center in CISA, gave the FAIR Conference 2021 a briefing on CISA’s Systemic Cyber Risk Reduction Venture, an effort to manage and reduce cyber risks to critical infrastructure.

Read More [fa icon="long-arrow-right"]

3 Things About Controls Your Cybersecurity Staff May Not Be Telling You

[fa icon="calendar'] Dec 7, 2021 8:49:25 AM / by Jeff B. Copeland posted in FAIR-CAM

[fa icon="comment"] 0 Comments

With all the time and money that infosec professionals invest in controls – implementing, patching, auditing, policy promulgation, etc. – you’d think they would be driving control stacks like finely-tuned machines.

Read More [fa icon="long-arrow-right"]

FAIR Use Case: Introducing Quantitative Risk Management at Fashion Group Richemont

[fa icon="calendar'] Dec 2, 2021 6:30:00 AM / by Jeff B. Copeland posted in FAIR Conference 2021

[fa icon="comment"] 0 Comments

If you’re introducing FAIR™ and cyber risk quantification to your organization, look at this presentation from the 2021 FAIR Conference by Cedric De Carvalho, Cyber Risk Manager at Richemont International SA

Read More [fa icon="long-arrow-right"]

5 Metrics for Cyber Risk Resilience – Advice from a Federal Reserve Expert

[fa icon="calendar'] Dec 1, 2021 9:37:51 AM / by Jeff B. Copeland posted in FAIR Conference 2021

[fa icon="comment"] 0 Comments

Matt Tolbert, Senior Cyber Specialist, Federal Reserve Bank of Cleveland, gave some specific pointers on cybersecurity resilience in a presentation at the recent 2021 FAIR Conference

Read More [fa icon="long-arrow-right"]

Jack Jones: The Quality of Qualitative Risk Measurement (Continued)

[fa icon="calendar'] Nov 30, 2021 11:24:48 AM / by Jack Jones posted in Jack Jones on Qualitative vs Quantitative

[fa icon="comment"] 5 Comments

In my last blog post on qualitative risk measurement, I discussed three key aspects that often make the difference between good measurements and bad measurements — scope, model, and data.  I also pointed out that these apply to both qualitative and quantitative risk measurement. 

Read More [fa icon="long-arrow-right"]

Who Owns Cyber Risk? The Answer Isn’t Clear in Many Organizations

[fa icon="calendar'] Nov 23, 2021 3:21:34 PM / by Jeff B. Copeland posted in FAIR Conference 2021

[fa icon="comment"] 0 Comments

The recent 2021 FAIR Conference (FAIRCON21) brought together three experts in corporate governance and risk management to debate how organizations should structure lines of responsibility for cyber risk and security before a cyber loss event

Read More [fa icon="long-arrow-right"]

Jack Jones: The Quality of Qualitative Risk Measurements

[fa icon="calendar'] Nov 22, 2021 8:00:00 AM / by Jack Jones posted in Jack Jones, Jack Jones on Qualitative vs Quantitative

[fa icon="comment"] 0 Comments

What makes for a high-quality qualitative risk measurement?  The answer is simple.  We just have to go back to the scope, model, and data elements

Read More [fa icon="long-arrow-right"]

Reporting to the Board on Cyber Risk: 2 Charts to Tell Your Story

[fa icon="calendar'] Nov 17, 2021 9:23:14 AM / by Jeff B. Copeland posted in FAIR Conference 2021

[fa icon="comment"] 0 Comments

Three experienced FAIR™ (Factor Analysis of Information Risk) practitioners got together at the 2021 FAIR Conference (FAIRCON21) to compare notes on best practices for reporting to the board with risk quantification. Their bottom-line advice for a board command performance: Keep it simple and relatable to what the audience already knows. 

Read More [fa icon="long-arrow-right"]

Tools and Tips to Start a FAIR Program across Your Organization

[fa icon="calendar'] Nov 16, 2021 2:00:00 PM / by Jeff B. Copeland posted in FAIR Conference 2021

[fa icon="comment"] 0 Comments

It was a good problem to have: The board at Government Employees Health Association (GEHA) directed the risk team to start presenting on risk in quantitative terms by the next quarter. A good problem because support from the top would open many doors – but still, the team had to adopt and implement a FAIR™ program from nearly a standing start on a tight timeframe.

Read More [fa icon="long-arrow-right"]

Jack Jones: What Do Qualitative and Quantitative Risk Measurements Have in Common?

[fa icon="calendar'] Nov 16, 2021 7:57:53 AM / by Jack Jones posted in Jack Jones on Qualitative vs Quantitative

[fa icon="comment"] 0 Comments

There are a lot of blog posts and conference presentations that discuss the differences between qualitative vs. quantitative risk analysis.  Most of the time, those discussions focus on the challenges or perceived flaws in one or the other. 

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts