You’re sold on FAIR and quantitative risk analytics but until you bring your organization around, you’re just an army of one. In this panel discussion at the 2018 FAIR Conference, four successful FAIR intrapreneurs give some tips on how they built support, starting at the team level, and working their way up to the board of directors.
"Case Study: Reporting to the Board: What Got You Here, Won't Get You There," a presentation by Omar Khawaja, CISO at Highmark Health, at the recent 2018 FAIR Conference at Carnegie Mellon University was a master class in communicating risk to the board and the business. Omar was this year’s winner of the FAIR Institute’s Business Innovator Award for his ambitious and creative introduction of FAIR to Highmark.
You’re the CISO of a Fortune 1000 company and the VP of sales comes to you with the typical ransomware lock on a laptop screen. The VP says there’s a $10 million sale that can’t be closed because all the deal data is sitting on the local laptop, not the network. The VP wants the company to pay the 3,000-bitcoin ransom. What’s your recommendation?
How do you move your organization off an opinion-based approach to risk management and on to fact-based discussions, with quantitative risk analysis as the starting point?
Walmart is a FAIR champion in infosec (Joel Baese, Director, Governance and Decision Science, Information Security, has been a FAIRCON honoree and panelist) but the retailing giant is also pioneering quantitative risk analytics on the physical security side, as Christina Nelson, Director, GISAT Risk and Strategy, told the 2018 FAIR Conference.
The FAIR Institute and the Global Resilience Federation (GRF), a non-profit hub for industry groups and government to share intelligence on cyber and physical threats and vulnerabilities, recently formed a strategic partnership that includes providing discounted FAIR training to GRF members through the RiskLens Academy.
In recent years, many CIOs in big enterprises and government have successfully positioned themselves as not just IT operators but business enablers, using the discipline of Technology Business Management (TBM), a set of best practices to consistently communicate both the cost and the value of IT services.
As the FAIR model and risk quantification bring cyber risk management in line with the rest of enterprise risk management, the roles of CISO and CRO also pull closer together. A panel discussion at the recent 2018 FAIR Conference showed a cooperative CISO/CRO relationship in action.
At the recent 2018 FAIR Conference, James Lam, the enterprise risk management and corporate governance authority and chairman of the risk committee for the E*TRADE board of directors, gave a master class
Greetings FAIR Instituters! I’m glad to be able to give you a summary of research that many of you participated in a few months ago. Before I do that, though, we need to rewind a bit further back in time.