The North Carolina chapter of the FAIR Institute launches with a meeting on Thursday, February 22, in Charlotte, co-chaired by La’Treall Maddox of Cisco Systems, Inc., along with David Sheronas from Bank of America. La’Treall is Strategy Risk Manager for Cisco’s Security & Trust Organization (S&TO), and the leading FAIR evangelist at the company, which is making a major push on risk quantification;
The FAIR Institute is very excited to announce the upcoming launch of Link, our member community platform. The rapid growth of the FAIR Institute along with member demand for better resource accessibility and member collaboration led us to the decision to retire the current Member Resources section of the website and adopt a true member community platform.
Interested in building a state-of-the-art information risk management course at your university? Join us for the FAIR University Curriculum Virtual Panel Webinar on Friday, February 23rd, at 1 PM EST.
The FAIR Institute is very excited to announce that the we will be hosting the third annual FAIR Conference (FAIRCON18) at Carnegie Mellon University in Pittsburgh, Pennsylvania, on October 16 -17, 2018.
One of my final initiatives prior to leaving public accounting and entering my new role in risk management was helping organizations prepare for the changes introduced by AICPA in the SSAE 18 audit standard, which went into effect in May 2017.
Simply put, when Industrial Control System (ICS) cyber risk is accurately modeled, measured, quantified and normalized with mechanical / industrial operational risk, it is then demystified.
In the first post of this series, I focused on answering a commonly expressed concern about the reliability of cyber risk measurement. At the end of that post, I mentioned that some readers might draw a distinction between an example I gave and the real world of cyber risk measurement.
For a quick introduction to cybersecurity law, take a listen to a new webcast from Evolver, a FAIR-powered consultancy that specializes in legal tech, cyber insurance and other info-risk concerns.
Time and time again I see analysts perform a FAIR risk analysis but get caught up in searching for the absolute perfect data or second guessing the results.
Risk managers are always seeking to address the risks that matter most to their organizations. But you can’t analyze and prioritize what you don’t identify.