Phew, what a year 2020 was. Now that the new year has come, you may be thinking about how to start, change or stop doing activities within your FAIR quantitative risk management program. Let's take a look at five things you can do now for a better 2021.
1. Training refresher
Any FAIR practitioner should know that a FAIR analysis is an art, at times. Take the opportunity before things get crazy this year to refresh your FAIR skills. This could be anything from internal training around calibration or an analysis challenge to seek out additional FAIR training. Get creative about issues your team might be struggling with. Get FAIR training through the FAIR Institute.
2. Perform an in-depth review of your analysis process
Take a look at your analysis process. Is it fully documented? Is it easy to follow? If the answer to either is no, then this could be the prime opportunity to take the time to do just that. Document your end-to-end process in a simple and repeatable format. The amount of insight you will gain about the unique intricacies of your process could prove to be invaluable. See a sample risk measurement and reporting policy document.
3. Review the goals of your FAIR program:
Have you defined a charter for your program? You want to periodically review your charter to ensure that is relevant and obtainable. All too often do things become out-of-date. This could be a great team building opportunity. Get your team involved from management to analysts and brainstorm ideas of what you can achieve over the next year.
Here’s a charter for BCP bank, presented by Harold Marcenaro, Digital Risk Officer, at the 2020 FAIR Conference:
4. Obtain a platform
Is there software that can help improve your process? Having software to help make the most out of your FAIR program could be the key. Ask questions! How can that software help you achieve the goals you outlined in your program charter. Will it help make your analysis process more efficient and consistent? Does it help scale your program?
5. Update your loss tables
The new year is a great opportunity to look at the data you are using. Review your loss tables to ensure they are up-to-date based upon the incidents that have occurred over the past year (read a blog post on creating loss tables). If you are a RiskLens customer, this goes the same for your Data Helpers, used to store data for repeated use in answering risk analysis workshop questions. Did your incident response process change, or did your cyber insurance change? This is a simple thing that you can do that could help you get a jump-start on your analysis work for the year.
Related:
2021 Is the Year of Operationalizing Cyber Risk Quantification
