I’ve encountered a number of organizations that use guidance provided by special publication NIST’s 800-30 to measure the risk associated with one thing or another.
Recently, I heard someone express an opinion that “Quantitative analysis isn’t viable because we face intelligent adversaries.”
In the first post in this series, I said there were two belief systems that drive the notion of “positive risk” within our profession.
In probably half of the presentations I give about FAIR, someone in the audience will raise their hand and ask, “What about positive risk?”
On October 14th 2016, I had the privilege of providing the keynote presentation at the first annual FAIR Conference in Charlotte, NC.
I recently spoke with a risk professional who had encountered challenges when presenting quantitative risk analysis results to business management.