In Understanding Cyber Risk Quantification: A Buyer’s Guide, (FAIR Institute Contributing membership required to view) Jack Jones, creator of the FAIR cyber risk quantification model, answers some fundamental questions about the purpose of a risk management program.
“Risk management programs exist to help their organizations cost-effectively achieve and maintain an acceptable level of exposure to loss,” Jack writes.
It’s a deceptively simple statement that packs a lot: To understand what’s a “level of loss exposure”, what’s an acceptable level (in other words, based on risk appetite) and what’s cost effective in risk management all require quantifying risk in financial terms – and how to best achieve that is the topic of the Buyer’s Guide.
The Cyber Risk Quantification Buyer’s Guide covers:
- The definition of CRQ and its value
- Common concerns about CRQ adoption
- Risk-measurement techniques you shouldn’t confuse with CRQ
- Questions to ask a CRQ vendor
- Red flags to warn you off a vendor
Join Jack Jones for a webinar on Understanding Cyber Risk Quantification.
Thursday, March 30, 2023, at 11 AM ET
Risk Management Program Needs
Jack Jones leads the Guide with a chapter on Risk Management Program Needs, outlining eight critical capabilities:
1. Identify loss event scenarios for analysis
2. Understand the factors that affect probability and impact of loss event scenarios
3. Continually monitor risk factors
4. Estimate probability of loss events and impact if they occur
5. Compare current loss exposure against desired states
6. Identify opportunities to reduce risk
7. Accurately communicate analysis results to support decision-making
8. Reliably execute risk management decisions
Done right, “monitoring, measurement and reporting aspects of a program operate as a feedback mechanism” to respond to an ever-changing risk landscape, Jack writes.
Download Understanding Cyber Risk Quantification: A Buyer’s Guide
(FAIR Institute Contributing Membership required for download)
Learn more about the Cyber Risk Quantification Buyer’s Guide in an interview with Jack Jones.