If you’re looking to try Factor Analysis of Information Risk (FAIR™) in a lightweight way, these tools and resources will get you started – all of them offered by the FAIR Institute or shared by Institute members, particularly in sessions at the annual FAIR Conference.
Do you know your hurdle rate? Michael Carr, VP, CTO/CISO, at Health First, the Florida hospital operator and health insurance provider, recently gave a talk to the HealthITSecurity Virtual Summit that covered financial terms and metrics
In our recent member survey, we asked “please rank the areas in which you would like to learn or sharpen your FAIR-related skills.” Taking a cue from the results, here is a short study guide covering the topics of most educational interest to the FAIR Institute membership.
We’re hearing increasingly that organizations successful at managing cyber risk in financial terms with Factor Analysis of Information Risk (FAIR™) are now looking to enterprise risk management as the next frontier for quantitative risk management.
Dropbox is taking a methodical and thoughtful approach to implement its FAIR quantitative risk management program, led by cyber risk manager Tyler Britton
“Cyber risk quantification for all” is the promise of the new My Cyber Risk Benchmark tool introduced at the first quarterly event in the 2022 FAIR Conference series by RiskLens, the FAIR Institute’s technical adviser.
Since Jack Jones introduced the FAIR Controls Analytics Model (FAIR-CAM™) at the 2021 FAIR Conference, “I get asked all the time, ‘Can we take our NIST CSF scores and plug them into FAIR-CAM and measure controls efficacy and risk reduction value?’”
More frequent and more relevant to business strategy – that’s what board members expect from CISOs for reporting on cyber risk, veteran board director James Lam told the recent quarterly event in the 2022 FAIR Conference series. And no hiding behind technical-speak.
Attention federal agencies looking to implement risk-based spending for cybersecurity: At the first quarterly event in the 2022 FAIR Conference series, Ignatius Liberto, Director, Cybersecurity Compliance and Oversight (IM-32), Office of the CIO, U. S. Department of Energy, presented a successful model
The Senate recently passed the Strengthening American Cybersecurity Act that directs the Office of Management and Budget to “develop a standard model for informing a risk-based budget for cybersecurity spending.”