Dark Reading is just out with 7 Steps to Start Your Risk Assessment, a handy guide to FAIR concepts that draws on the advice of three FAIR experts:
- Jack Jones, Chairman of the FAIR Institute and creator of the FAIR model
- Tony Martin-Vegue, leader of the very active FAIR Institute Chapter in San Francisco
- Zulfikar Ramzan, FAIR Institute Board member and CTO at RSA Security
The seven steps are:
- Start with a common language
- Define assets
- Define value
- Define losses
- Define threats
- Define measurements
- Define the audience
Each is presented with some hands-on advice from the three FAIR gurus that goes beyond the technical and into socializing the FAIR world view to an organization:
It's easy to say that dollars are all that matter, but individual stakeholders may define the impact differently. "If you think about the concept of a risk owner, that is somebody who owns the risk, somebody who essentially has their neck on the line," says Martin-Vegue. "If something goes south, this is the person that's accountable."
Jones says, "How I think about it is this: our problem space is complex and dynamic with a lot at stake, and we have limited resources. Every dollar that goes to us is a dollar that doesn't go to growing the business or other operation imperatives, so it's critically important that we prioritize."
See 7 Steps to Start Your Risk Assessment in Dark Reading for more.