In a speech this week, Securities and Exchange Commission Chair Gary Gensler said he has asked SEC staff for recommendations to update requirements for cybersecurity practices and cyber risk disclosure by public companies, as well as financial sector companies and their third-party vendors.
Recent Posts
Factor Analysis of Information Risk (FAIR™) quantifies cyber and technology risk in financial terms and lifts communication about cyber risk up from technical “maturity” ratings or subjective red-yellow-green rankings to the financial language that business leadership can understand.
The 2021 FAIR Conference (FAIRCON21) brought together thought leaders and challengers of the status quo for information and technology risk management, so it’s not surprising that conventional thinking got challenged all over. Here are a few of the surprising takeaways
Judging by the most popular new blog posts published in 2021, FAIR Institute members are interested in the frontiers of thought on risk but also the day-to-day techniques and habits for steady improvement of risk analysis and management. Here are the eight biggest attention-getters
“10x the speed and ultimately the effectiveness” of FAIR risk scenario analysis – that was the promise of a forward-looking session at the recent 2021 FAIR Conference led by Ben Gowan and Justin Theriot, data scientists at RiskLens
Operational risk and cyber risk can be managed on equal terms when both are quantified using FAIR™, as Mike Radigan demonstrated with a case study from a power plant presented at the 2021 FAIR Conference (FAIRCON21).
At the 2021 FAIR Conference (FAIRCON21), Andy Retrum, Managing Director, Global Financial Services Security and Privacy for Protiviti, presented a use case for FAIR™ quantitative cyber risk analysis of ransomware that would both inform senior management and satisfy financial industry regulators
When a huge fire devastated Sonoma County over three weeks in 2017, the county government was tested to the maximum as it stood up emergency services for citizens
Bob Kolasky, who runs the National Risk Management Center in CISA, gave the FAIR Conference 2021 a briefing on CISA’s Systemic Cyber Risk Reduction Venture, an effort to manage and reduce cyber risks to critical infrastructure.
With all the time and money that infosec professionals invest in controls – implementing, patching, auditing, policy promulgation, etc. – you’d think they would be driving control stacks like finely-tuned machines.
