The FAIR Institute is excited to announce our nomination in the 2019 Advisen Cyber Risk Awards for the brand-new category of "Cyber Risk Model of the Year."
As auditors , you often get a bad rap. Given audit is a compliance focused profession, one of the many aspects of your job is telling someone that the way they do theirs is wrong, which is not a fun conversation for either party.
The FAIR Institute partnered with CyberVista, the leading cybersecurity education and workforce development company, in 2018—first project, an Institute-endorsed FAIR educational program for board executives.
The FAIR Institute is hosting an exclusive Board of Directors Dinner in Washington DC on Sept. 23rd, 2019, as many board members descend into town for the NACD Global Board Leaders' summit.
On June 18, join a distinguished group of cyber risk executives and fellow FAIR Institute members, many in town for the Gartner Security & Risk Management Summit 2019, as they discuss "Tips and Best Practices on How to Build a Quantitative Risk Management Program With FAIR."
Do you have what it takes to be a successful FAIR analyst?
One might assume that having the OpenFAIR certification or even technical experience would be top on the list. However, I’ve come to realize that there are three key talents in providing value to a risk assessment.
New England FAIR Chapter Co-Chair, and Vice President for Enterprise Cybersecurity at Fidelity Investments, the giant ($7.4 trillion in customer assets) mutual fund company, Jim Robert has been a FAIR practitioner for three years.
I’ve heard critics of quantitative risk analysis challenge the approach, stating that it is “too difficult”, “time consuming” or that their organization is “simply not mature enough for quantification.” In my experience, a majority of such arguments can be addressed by revisiting a few fundamental FAIR concepts.
As an advocate for FAIR, I spend a great amount of time preaching the benefits of quantitative risk analysis over the qualitative approach. Ranking of risks 1-5 or red-yellow-green based on subjective judgments doesn’t measure up (literally) to a standard model like FAIR that produces consistent results expressed as probabilities.
The FAIR Institute hosted its annual FAIR Breakfast in San Francisco in conjunction with the RSA Conference, featuring a panel of experienced FAIR practitioners. Scroll down the page for the videos – watch for a wealth of tips on starting and running a quantitative risk analysis program.