Attendees at the FAIR Institute Breakfast during the recent Gartner Summit on Security and Risk Management heard tales of three successful FAIR cyber risk quantification programs from Matthew Martin of LPL Financial, Robert Immella of Key Bank and, lastly, Musso Shaikh, Program Manager, Cyber Threat Intelligence, at Fannie Mae, the big provider of mortgage financing.
To support the rapid pace of growth in new membership to the FAIR Institute - now at 6,000 members strong and anticipated to surpass 7,000 by year end - the FAIR Institute is growing its support capability and focus on enablement programs for all of its members worldwide.
New York Times reporters Stacy Cowley and Nicole Perlroth turned to FAIR Institute Chairman and RiskLens Chief Risk Scientist Jack Jones to answer the question, why are big banks in an Endless Fight with Hackers, as their article on the massive Capital One breach asks.
It’s a devastating report from the General Accounting Office that should accelerate the movement to cyber risk quantification (CRQ) and the FAIR model, already underway at the Department of Energy.
SMEs (that’s subject matter experts) own the systems, the applications, the processes and the business units in your organization—and own the data and insights you need to feed your cyber risk analytics.
Targeting can be applied to the following tasks in the investment decision process based on the potential financial loss against an asset:
- Prioritizing the risk assessment scope
- Prioritizing the recommendations on remediation actions
Just published on Healthcare Innovation, Where Cybersecurity and Business Align: One CISO’s High-Level Perspective, profiles CISO Omar Khawaja’s success at introducing FAIR to Highmark Health, a leading healthcare delivery and insurance organization.
Expert elicitation is simple to define, but difficult to effectively use given its complexities. Most of us already use some form of expert elicitation while performing a risk analysis whenever we ask someone their opinion on a particular data point. The importance of using a structured methodology for collecting and aggregating expert opinion is understated in risk analysis
As a FAIR consultant, I have seen many organizations go through the transformation from qualitative to quantitative risk management. Often what I have found is that the transition from a world of no numbers (or very few numbers) to the quantitative risk world of numbers galore can be a little daunting.
Simone Petrella, the newest member of the FAIR Institute Advisory Board, comes from a key partner of the Institute, CyberVista, the leading cybersecurity education and workforce development company, particularly known for its board of directors education work.
