FAIR Institute Blog

Nicola (Nick) Sanna

Recent Posts

10 Reasons Why FAIR Is Winning

May 17, 2022 3:57:43 PM / by Nicola (Nick) Sanna posted in FAIR

Why did FAIR™ (Factor Analysis of Information Risk) emerge as the de facto number-one standard model for cyber, technology and operational risk analysis? No other risk model supports defensible quantitative analysis in the financial terms

SEC Proposes Rules for Faster, More Defensible Cyber Risk Reporting. It Could Do Better Still

Mar 16, 2022 8:49:15 AM / by Nicola (Nick) Sanna posted in FAIR Institute, Government

The Securities and Exchange Commission recently proposed amendments to its rules that would require reporting on cyber risk in a fast, “consistent, comparable and decision-useful manner,” as SEC Chair Gary Gensler said – a goal that effectively calls for regulated public companies to run a cyber risk management program based on risk quantification

Three Tips to Make Cyber Risk Quantification Work for Your General Counsel as Well

May 25, 2021 3:39:19 PM / by Nicola (Nick) Sanna posted in Risk Management

Surprisingly, we still sometimes hear that some cyber risk professionals are challenged by their General Counsel and legal department not to quantify their cyber risk, as that might - in their opinion - introduce a liability, driven by the fact of possibly knowing about a problem and not having done enough to address it.  

FAIR Institute Pres. Nick Sanna’s Message to SEC Nominee Gary Gensler: "Stop the Opaqueness of Cyber Risk Reporting"

Mar 10, 2021 2:30:09 PM / by Nicola (Nick) Sanna posted in FAIR Institute, Government

In his recent Senate confirmation hearing, the pressure was on Gary Gensler, the new Administration’s nominee

John Carlin, Pioneer of Risk Quantification in Government, Will Lead Cyber Law Enforcement at Department of Justice

Feb 7, 2021 7:09:37 PM / by Nicola (Nick) Sanna

We were delighted to learn that John Carlin, a friend of the FAIR Institute and a pioneer of risk quantification in the federal government, has been appointed Acting Deputy Attorney General

2021 Is the Year of Operationalizing Cyber Risk Quantification

Jan 5, 2021 10:35:54 AM / by Nicola (Nick) Sanna posted in FAIR Institute

I want to take a moment to reflect on where the FAIR™ movement stands as we begin the New Year. I believe we are right now at a turning point, headed for far-reaching improvements in cyber risk management

How FAIR™ Can Help the US Federal Government Better Prioritize and Right-Size Its Cybersecurity Investments

May 15, 2020 7:45:00 AM / by Nicola (Nick) Sanna posted in FAIR, Risk Management

DHS/OMB mean well in pushing for a risk-based approach to cybersecurity in the Federal Government, but their requirements fall short of helping agencies effectively prioritize and right-size their cybersecurity investments

Cyberspace Solarium Commission Proposes Amending Sarbanes-Oxley to Include Cybersecurity

Apr 9, 2020 7:51:37 AM / by Nicola (Nick) Sanna posted in FAIR, Risk Management

Congress created the Cyberspace Solarium Commission, a bipartisan group of lawmakers and cybersecurity experts, to get out ahead of both a “catastrophic cyberattack” and the “millions of daily intrusions disrupting everything

IMF Chief Says Finance Sector Urgently Needs Cyber Risk Quantification

Jul 9, 2018 8:00:00 AM / by Nicola (Nick) Sanna posted in FAIR, Risk Management

In a recent LinkedIn post, Christine Lagarde, Managing Director of the International Monetary Fund, calls cyber risk not just a top risk but “a significant threat to the financial system” and cites a new IMF study that cyber attacks could already cost banks close to nine percent of net income globally or around $100 billion on average a year. 

Does NIST CSF 1.1 Endorse Risk Quantification and FAIR?

Jun 28, 2018 1:56:02 PM / by Nicola (Nick) Sanna posted in FAIR

The National Institute of Standards has released NIST CSF 1.1, the new version of its popular cybersecurity risk framework—it’s filled with strong implications that infosecurity programs should treat risk in cost-effective or economic terms but never quite comes out and states the words “cyber risk quantification.”
