Recent surveys of business executives and board members by Harvard Business Review Analytics and PwC give evidence that the movement to cyber risk quantification and FAIR™ is growing, if from a small base:
Implementing the FAIR standard requires more effort than procuring a tool, such as slamming a shiny new firewall into an organization’s environment. FAIR requires a culture change.
Risk management is undergoing major changes in process and technology, Gartner Research Director Khushbu Pratap told the 2020 FAIR Conference, and risk and security leaders need to recognize and get out ahead of the key drivers at work.
You’re probably using the NIST CSF, the most popular cybersecurity framework, as a checklist of best practices, but it could do a lot more for your organization.
It’s a common question: How to introduce quantitative risk analysis with FAIR™ (Factor Analysis of Information Risk) to an organization that’s traditionally run on a controls checklist/maturity model approach to cybersecurity risk management?
Since the founding of the FAIR Institute in February 2016, there has been amazing growth in our community. We are proud to announce today that the FAIR Institute has reached the milestone of 10,000 members in under 5 years.
Government cyber risk professionals: This session at the 2020 FAIR Conference was packed with practical advice – you’ll want to listen carefully to the video but also download the slides
You’re all fired up about Factor Analysis of Information Risk (FAIR™) and eager to bring the transformative power of cyber risk quantification to your organization—but for now, you’re a voice crying in the wilderness of red-yellow-green heat maps
For a fresh take on getting the most out of your risk analysts and subject matter experts (SMEs), watch the video of Douglas Hubbard’s session at the 2020 FAIR Conference
James Lam, world authority on enterprise risk management and former chair of the risk oversight committee for the board of E*TRADE, has been setting a goal in FAIR Conference sessions since 2018 that cyber risk management must pull itself up to the level of enterprise risk management