After watching Prashanthi and Tony’s fireside chat at the 2021 FAIR Conference about getting a FAIR program started, I was struck by the simple and insightful themes that they kept repeating. Well, simple on paper, but not always easy to keep in mind when you’re in the thick of a FAIR rollout.
Ask a cyber risk professional about data governance practices, and they will likely tell you tales of classification schemes, access controls, and encryption … but we often overlook the importance of data quality, integrity, and usability that are core tenants of a robust data governance process.
After a short summer break, the FAIR Institute Operational Risk workgroup met again in August to continue our project using the FAIR methodology to revise a typical list of “top operational risks” (we found our list on Risk.net).
During the April meeting of the Operational Risk workgroup, the members continued working on a project to recast a list of top operational risks using the FAIR model. Quick recap of this effort so far - every year, you’ll find numerous lists of supposed “top risks” from various sources, but are they even risks?
During the March meeting of the Operational Risk Workgroup, the members took on a project to recast a list of top operational risks using the FAIR risk model. Every year, you’ll find numerous lists of supposed “top risks” from analysts, surveys, professional organizations, etc. with something in common: They don’t actually provide true risks.
Every year the masses of information security professionals gather at the Moscone Center in San Francisco for the RSA Conference looking for opportunities to learn from peers and discuss their latest challenges, and this year was no different. I had the privilege to share my own perspective as a speaker in the GRC track.
During the February meeting of the FAIR Institute's Operational Risk workgroup, members discussed the ever popular concept of “inherent risk” and how it could be best used in the context of a standard risk methodology like FAIR.
Over the years many risk professionals have found their risk religion with Factor Analysis of Information Risk (FAIR), but how to start integrating it into your organization isn’t always obvious.
From the desk of Evan Wheeler, chair of the Operational Risk workgroup at the FAIR Institute
What first attracted me to FAIR, was its applicability to information security risks, but it offers so much more than that.