FAIR Institute Blog

Osama Salah

Recent Posts

Risk Analysis and Worst-Case Thinking

Apr 22, 2021 8:08:35 AM / by Osama Salah, posted in Member Content


The generally accepted model for risk is that it is a function of frequency (some refer to it as probability or likelihood, i.e., how often the loss event will probably occur in a given time frame) and magnitude (how bad the event will probably be, consequences).


Second Thoughts on Secondary Loss in FAIR. What Are Your Thoughts?

Nov 4, 2019 9:43:45 AM / by Osama Salah, posted in FAIR


United Arab Emirates FAIR Chapter Chair Osama Salah has been puzzling over the most effective way to use Secondary Loss (incurred by shareholders, customers, etc.) in the FAIR Model—join the discussion in the comments section of this post or on the LINK discussion board (membership required).


13 Reasons Why Heat Maps Must Die

Nov 28, 2018 12:31:20 PM / by Osama Salah, posted in FAIR, Risk Management


I have posted on YouTube 13 Reasons Why Heat Maps Must Die, a presentation that I prepared for a conference. My eight-year-old daughter already commented “Amazing work, I agree.” What more validation does one need?


Heat Maps Don’t Support ISO 31000

Aug 14, 2018 12:00:00 PM / by Osama Salah, posted in FAIR, Risk Management


I was recently re-reading ISO 31000 because that's what one does for fun (don't you?). Surprisingly, I noticed on a few occasions that using heat maps (or qualitative RM) appears to not align with the guidelines.


Warren Buffet's Information Security Advice

Jun 5, 2018 10:38:23 AM / by Osama Salah, posted in FAIR


OK, so Warren Buffet didn't really give information security advice. He gave investment advice. Risk management's objective, which I believe is the foundation of information security, is to make good investment decisions.
