This case study by Laura Payne on 'Quantitative Risk Analysis & Information Security' does a very good job of explaining the journey of an organization like BMO as it evolved from a 'High, Medium and Low' approach to measuring and expressing risk to a more scientific and quantitative approach.
Don't miss the exciting opportunity to learn how to improve your information risk management program directly from the author of FAIR, Jack Jones.
Reserve your spot at a free half-day seminar on Open FAIR, an Open Group standard for quantifying information and operational risk.
Jumpstart your knowledge and leave with valuable and actionable insights that can help you analyze risk better.
When: Thursday, Jan 28, 2015, from 9 am to 1 pm
Where: The Open Group Offices, 44 Montgomery Street, Suite 960, San Francisco, CA 94104
The standard risk model known as Factor Analysis of Information Risk (FAIR) was authored by Jack Jones while he was a new CISO at Nationwide Insurance in 2001. Part of his job was to put together an information security strategy, present it to senior executives and ask for money. During this process, one of the executives asked, “How much risk do we have?” The only answer Jack had was a shrug of his shoulders and a single word, “Lots”. The executive then asked the question, “If we spend these millions of dollars, how much less risk will we have?” Jack shrugged again and replied, “Less”. The executive knew he wasn't going to get a better answer, but wanted to make a point.
Tired of the same old way of determining risk? What if there was an accurate way to quantify cyber risk? Want to learn how to be a better manager of cyber risk? If you answered yes to any of these questions, then this is the place for you!