Establishing a third-party vendor risk management program can be a challenging undertaking. There are so many things to consider, not the least of which is what technology to use, staff augmentation strategies you might employ, and upon which frameworks you should base the program.
First consulting firm to become a strategic sponsor, Protiviti joins community of companies supporting the FAIR model for information risk management
Enterprises operate their businesses on third-party platforms and services. Outsourcing of systems and services often involves significant risk, bestowing custodial responsibilities of large amounts of sensitive data and transaction capabilities to third-parties.
How much risk is associated with a bald tire? It depends...
In this video, Jack Jones walks you through the classic scenario (from his book Measuring and Managing Information Risk: a FAIR Approach) with a lesson about making assumptions and how that affects risk analysis and communication about risk.
We hope that you're already planning to attend FAIR Institute's annual FAIR Conference, FAIRCON17, later this year on October 16 and 17. Take advantage of our "Early Bird" pricing special, available through June 30, by clicking here.
However, you may be interested in doing more than just attending!
The terms “risk appetite” and its close cousin “risk tolerance” are often poorly understood, very rarely used to good effect, and commonly used interchangeably.
The Internet Security Alliance and the FAIR Institute called on the National Institute of Standards and Technology (NIST) to convene a process similar to that which resulted in the creation of the NIST Cyber Security Framework (CSF), but this time focusing on implementation of the CSF.
Great opportunity for FAIR beginners and experts alike to join a live, team effort at a high level FAIR analysis in the next meeting of the FAIR Institute Operational Risk Workgroup, Tuesday, April 11, at 4 PM EDT. The analysis will be led by veteran FAIR practitioner and speaker Evan Wheeler.