FAIR Institute Blog

Cary Wise


Recent Posts

3 Ways to Game the System with Qualitative Cyber Risk Analysis (Don’t Do It)

[fa icon="calendar'] Mar 25, 2019 8:30:00 AM / by Cary Wise posted in Risk Management

[fa icon="comment"] 0 Comments

As an advocate for FAIR, I spend a great amount of time preaching the benefits of quantitative risk analysis over the qualitative approach. Ranking of risks 1-5 or red-yellow-green based on subjective judgments doesn’t measure up (literally) to a standard model like FAIR that produces consistent results expressed as probabilities.  

Read More [fa icon="long-arrow-right"]

When Every Risk Is “Medium”

[fa icon="calendar'] Aug 13, 2018 12:40:07 PM / by Cary Wise posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

When analysts don’t use a rigorous risk quantification model like FAIR to rate risks, and instead rely on the mental models in their heads they’ve developed from years of habit – odd things happen.

Read More [fa icon="long-arrow-right"]

In a FAIR Risk Analysis, Don't Collect Data till You Scope

[fa icon="calendar'] May 24, 2018 10:16:43 AM / by Cary Wise posted in FAIR

[fa icon="comment"] 0 Comments

New to FAIR quantitative analysis for cyber risk? I want to warn you about a newbie mistake I see that’s sure to make you waste time: Putting data collection ahead of scoping in a risk analysis.

Read More [fa icon="long-arrow-right"]

The 3 Most Confusing Risk Analysis Terms

[fa icon="calendar'] Jan 23, 2018 9:00:00 AM / by Cary Wise posted in FAIR

[fa icon="comment"] 1 Comment

Careful, risk analysts – it’s easy to miss the difference between these sound-alike pairs of terms when you scope a FAIR risk analysis:

  • Probability vs. Possibility
  • Loss Event vs. Threat Event
  • Contact vs. Threat Event
Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts