5 Objections to FAIR and How to Overcome Them – Lessons from the Netflix FAIR Program

FAIRCON22 - Tony Martin-Vegue and Prashanthi Koutha 2“It’s not perfect.” “It takes longer.” “I don’t know statistics.” In successfully introducing Factor Analysis of Information Risk (FAIR™) at Netflix, Prashanthi Koutha and Tony Martin-Vegue have heard every objection to quantitative risk analysis. They’re so experienced that they now show the list of objections below when they present FAIR to a new audience to clear the air right away.

At the recent 2022 FAIR Conference, Tony and Prashanthi presented their responses to the top five objections to FAIR – and in the process, some group-dynamics lessons that FAIR advocates could apply to any program launch.    


Case Study: Five Objections to FAIR and How to Overcome Them

Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix

Prashanthi Koutha, Senior Risk Engineer, Netflix 

Watch the video of the presentation on overcoming objections to cyber risk quantification. A FAIR Institute Contributing Membership is required -  JOIN NOW.


FAIRCON22 - Objections to FAIR - Netflix

 

It may sound counterintuitive to a FAIR evangelist eager to make new converts, but “the goal here is not to educate our stakeholders about FAIR,” Prashanthi said.

“What we really focus on is, educate them about the fact that risk is a range of possibilities. It cannot be expressed in a single number.  And we are here to reduce that uncertainty. We are not here to predict the future; we are only helping them to make a decision.” 

“If you are patient with us, we can give you the tools to make better decisions,” Tony added. 

Another guiding principle: “Meet people where they are,” Tony said. They don’t need any special knowledge “to consume the results of a risk analysis.” But the responsibility is on the FAIR team to customize reporting and “provide just enough information so they can process and make decisions…

"If there’s one gold nugget we want you to take away [from the FAIRCON presentation], it’s this: Get to know your stakeholders. If you do that, you can turn those objections into advantages.”

FAIRCON22 Netflix Slide DetailBut still…it’s so much easier to arrange risks as colors on a heat map, based on “qualitative” (in other words, gut feel) analysis, right? 

Prashanthi and Tony presented a chart that should be in every FAIR advocates tool kit, showing that quantitative analysis with FAIR takes only 10% longer. (Click for larger image.)

Watch the video of the presentation on overcoming objections to cyber risk quantification. A FAIR Institute Contributing Membership is required -  JOIN NOW.

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37