FAIR Institute Blog

Nicola (Nick) Sanna

Nicola (Nick) Sanna

Recent Posts

Three Tips to Make Cyber Risk Quantification Work for Your General Counsel as Well

[fa icon="calendar'] May 25, 2021 3:39:19 PM / by Nicola (Nick) Sanna posted in Risk Management

[fa icon="comment"] 0 Comments

Surprisingly, we still sometimes hear that some cyber risk professionals are challenged by their General Counsel and legal department not to quantify their cyber risk, as that might - in their opinion - introduce a liability, driven by the fact of possibly knowing about a problem and not having done enough to address it.  

Read More [fa icon="long-arrow-right"]

FAIR Institute Pres. Nick Sanna’s Message to SEC Nominee Gary Gensler: "Stop the Opaqueness of Cyber Risk Reporting"

[fa icon="calendar'] Mar 10, 2021 2:30:09 PM / by Nicola (Nick) Sanna posted in FAIR Institute, Government

[fa icon="comment"] 0 Comments

In his recent Senate confirmation hearing, the pressure was on Gary Gensler, the new Administration’s nominee

Read More [fa icon="long-arrow-right"]

John Carlin, Pioneer of Risk Quantification in Government, Will Lead Cyber Law  Enforcement at Department of Justice

[fa icon="calendar'] Feb 7, 2021 7:09:37 PM / by Nicola (Nick) Sanna

[fa icon="comment"] 0 Comments

We were delighted to learn that John Carlin, a friend of the FAIR Institute and a pioneer of risk quantification in the federal government, has been appointed Acting Deputy Attorney General

Read More [fa icon="long-arrow-right"]

2021 Is the Year of Operationalizing Cyber Risk Quantification

[fa icon="calendar'] Jan 5, 2021 10:35:54 AM / by Nicola (Nick) Sanna posted in FAIR Institute

[fa icon="comment"] 0 Comments

I want to take a moment to reflect on where the FAIR™ movement stands as we begin the New Year. I believe we are right now at a turning point, headed for far-reaching improvements in cyber risk management

Read More [fa icon="long-arrow-right"]

How FAIR™ Can Help the US Federal Government Better Prioritize and Right-Size Its Cybersecurity Investments

[fa icon="calendar'] May 15, 2020 7:45:00 AM / by Nicola (Nick) Sanna posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

>>DHS/OMB mean well in pushing for a risk-based approach to cybersecurity in the Federal Government, but their requirements fall short of helping agencies effectively prioritize and right-size their cybersecurity investments

Read More [fa icon="long-arrow-right"]

Cyberspace Solarium Commission Proposes Amending Sarbanes-Oxley to Include Cybersecurity

[fa icon="calendar'] Apr 9, 2020 7:51:37 AM / by Nicola (Nick) Sanna posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Congress created the Cyberspace Solarium Commission, a bipartisan group of lawmakers and cybersecurity experts, to get out ahead of both a “catastrophic cyberattack” and the “millions of daily intrusions disrupting everything

Read More [fa icon="long-arrow-right"]

IMF Chief Says Finance Sector Urgently Needs Cyber Risk Quantification

[fa icon="calendar'] Jul 9, 2018 8:00:00 AM / by Nicola (Nick) Sanna posted in FAIR, Risk Management

[fa icon="comment"] 2 Comments

In a recent LinkedIn post, Christine Lagarde, Managing Director of the International Monetary Fund, calls cyber risk not just a top risk but “a significant threat to the financial system” and cites a new IMF study that cyber attacks could already cost banks close to nine percent of net income globally or around $100 billion on average a year. 

Read More [fa icon="long-arrow-right"]

Does NIST CSF 1.1 Endorse Risk Quantification and FAIR?

[fa icon="calendar'] Jun 28, 2018 1:56:02 PM / by Nicola (Nick) Sanna posted in FAIR

[fa icon="comment"] 0 Comments

The National Institute of Standards has released NIST CSF 1.1, the new version of its popular cybersecurity risk framework—it’s filled with strong implications that infosecurity programs should treat risk in cost-effective or economic terms but never quite comes out and states the words “cyber risk quantification.”

Read More [fa icon="long-arrow-right"]

FAIR Adoption Soars as 3,000 Members Milestone Is Hit

[fa icon="calendar'] Jun 14, 2018 10:55:26 AM / by Nicola (Nick) Sanna posted in FAIR, FAIR Institute, FAIR Conference 2018

[fa icon="comment"] 0 Comments

This is what a movement looks like. Membership in the FAIR Institute has now passed 3,000, about double the level of a year ago, as cyber risk quantification wins converts across industries

Read More [fa icon="long-arrow-right"]

Should Boards Establish a Separate Risk Committee?

[fa icon="calendar'] May 17, 2018 10:22:17 AM / by Nicola (Nick) Sanna posted in Risk Management

[fa icon="comment"] 0 Comments

In traditional board of directors committee structure, each of the board’s five main functions (strategy, executive selection and compensation, governance, audit, risk and compliance) is assigned to a different committee, except one: risk, long handled by the audit committee.

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts