FAIR Institute Blog

Heat Maps Don’t Support ISO 31000

Aug 14, 2018 12:00:00 PM / by Osama Salah posted in FAIR, Risk Management

I was recently re-reading ISO 31000 because that's what one does for fun (don't you?). Surprisingly I noticed on a few occasions that using heat maps (or qualitative RM) appears to not align with the guidelines.

When Every Risk Is “Medium”

Aug 13, 2018 12:40:07 PM / by Cary Wise posted in FAIR, Risk Management

When analysts don’t use a rigorous risk quantification model like FAIR to rate risks, and instead rely on the mental models in their heads they’ve developed from years of habit – odd things happen.

FAIR Institute Partners with CyberVista for Board Director Education

Aug 10, 2018 9:00:00 AM / by Jeff B. Copeland posted in FAIR

Another strong signal that FAIR and cyber risk quantification is emerging as the way that inforisk gets reported up to the board and senior management: CyberVista, the leading cybersecurity education and workforce development company known for its board director education work has aligned the curriculum of its popular Resolve cybersecurity training with FAIR

Jack Jones Warns About “False Sense of Security” in Homeland Security

Aug 7, 2018 2:00:00 PM / by Jeff B. Copeland posted in FAIR

In a new column for Homeland Security Today, Define, Measure Risk Accurately to Avoid False Sense of Security, FAIR Institute Chairman Jack Jones applauds the Department of Homeland Security and other Federal agencies for taking a risk-based approach to cybersecurity in their new strategic plans – but questions whether they can truly identify and prioritize their risks.

Quantitative Risk Analysis: Just Guesswork with Numbers?

Aug 7, 2018 10:51:31 AM / by Teresa Suarez posted in FAIR

Skeptics about the FAIR model love to scoff at quantitative risk analysis and dismiss it as mere “guesswork.” I have encountered this assertion several times while conducting analyses and I welcome the challenge each time; I view it as an invitation to a discussion.

Top 3 Books for New Risk Analysts

Aug 2, 2018 12:00:00 PM / by Chad Weinman posted in FAIR, Risk Management

Our professional team here at RiskLens has been steadily growing for the past two years. Our risk consultants come from a variety of backgrounds, with and without direct prior experience in risk management.

Banks Move to FAIR for FFIEC Cybersecurity Risk Assessments

Aug 2, 2018 9:00:00 AM / by Rachel Slabotsky posted in FAIR, Risk Management

In a previous blog post, I wrote about how the FAIR quantitative risk model can be used to meet various regulatory and compliance requirements (specifically those that indicate the need for a formal risk assessment).

Control Deficiencies Are NOT Risks

Jul 31, 2018 9:00:00 AM / by Cody Whelan posted in FAIR

Prior to adopting FAIR to define and quantify risks as loss events, most organizations grapple with the all too common misconception that control deficiencies are the same things as risks. This confusion not only alters the way organizations think about risk, but also the way they discuss and communicate risk

Case Study: Demystifying ICS Cyber Risk with FAIR

Jul 30, 2018 10:59:00 AM / by Michael Radigan posted in FAIR, Risk Management

With all the news about Russian hackers targeting US utility plant networks, we're bringing back into view this blog post about cyber risk quantification for utility operators, by Industrial Control System (ICS) authority Michael Radigan of Leidos Cyber, Inc.

Concept Creep: Why Cyber Risk Problems Never Get Solved

Jul 27, 2018 1:48:32 PM / by Jack Freund posted in FAIR

Managing risk professionally means managing our own cognitive biases to effectively represent the risk facing our organizations. Overcoming the biases that each one of us brings to an analysis is a challenge and the only way to effectively manage this is by being actively aware of our own limitations in our perception of reality.
