Andrew Retrum is Managing Director, Global Financial Services Security & Privacy, at Protiviti and an Advisory Board Member for the FAIR Institute. He started his career at one of the big accounting firms before becoming one of the founders of Protiviti
With permission, we are re-publishing this post from Lawfare, the influential blog that covers the intersection between law and national security.
The FAIR Institute is dedicated to being a welcoming place for all information security professionals to join, learn, and network with one another. As a community composed of professionals of all nationalities, races, genders, and religions, we believe there is an innate responsibility to stand up against hate, racism, and bigotry
Establishing a third-party vendor risk management program can be a challenging undertaking. There are many things to consider, not the least of which are what technology to use, which staff augmentation strategies to employ, and which frameworks to base the program on.
First consulting firm to become a strategic sponsor, Protiviti joins community of companies supporting the FAIR model for information risk management
Enterprises operate their businesses on third-party platforms and services. Outsourcing of systems and services often involves significant risk, bestowing custodial responsibilities for large amounts of sensitive data and transaction capabilities on third parties.
How much risk is associated with a bald tire? It depends...
In this video, Jack Jones walks you through the classic scenario (from his book Measuring and Managing Information Risk: a FAIR Approach) with a lesson about making assumptions and how that affects risk analysis and communication about risk.
We hope that you're already planning to attend FAIR Institute's annual FAIR Conference, FAIRCON17, later this year on October 16 and 17. Take advantage of our "Early Bird" pricing special, available through June 30, by clicking here.
However, you may be interested in doing more than just attending!
The terms “risk appetite” and its close cousin “risk tolerance” are often poorly understood, very rarely used to good effect, and commonly used interchangeably.
The Internet Security Alliance and the FAIR Institute called on the National Institute of Standards and Technology (NIST) to convene a process similar to that which resulted in the creation of the NIST Cyber Security Framework (CSF), but this time focusing on implementation of the CSF.