In a previous blog post, I wrote about how the FAIR quantitative risk model can be used to meet various regulatory and compliance requirements (specifically those that indicate the need for a formal risk assessment).
Rachel Slabotsky

Recent Posts
Banks Move to FAIR for FFIEC Cybersecurity Risk Assessments
Aug 2, 2018 9:00:00 AM / by Rachel Slabotsky posted in Risk Management, FAIR
The Skeptic's Guide to Cyber Risk Surveys
Mar 12, 2018 9:00:00 AM / by Rachel Slabotsky posted in FAIR
I recently attended the SIRACon conference in Seattle where I had the privilege to hear leaders from prestigious companies speak about their experience using quantitative analysis of cyber risks. One of the presentations that stood out related to sources of error and bias in survey results.
For Better Risk Assessments in SSAE 18 Audits, Try Quantification with FAIR
Feb 9, 2018 4:08:05 PM / by Rachel Slabotsky posted in FAIR, Risk Management
One of my final initiatives prior to leaving public accounting and entering my new role in risk management was helping organizations prepare for the changes introduced by AICPA in the SSAE 18 audit standard, which went into effect in May 2017.
How to Analyze Your Risk from GDPR: A FAIR Approach
Jan 19, 2018 10:49:47 AM / by Rachel Slabotsky posted in FAIR risk model, Risk Management
As the final months approach before the EU's General Data Protection Regulation (GDPR) goes into effect in May 2018, organizations are making significant investments to ensure they are prepared for the changes to come, particularly the strict rules on handling consumers’ personally identifiable information (PII).
Inherent Risk vs. Residual Risk Explained in 90 Seconds
Sep 7, 2017 3:18:43 PM / by Rachel Slabotsky posted in FAIR
I recently had a conversation with clients around a risk analysis they conducted and noticed as they walked me through it that they seemed to get hung up on the terms “inherent risk” and “residual risk” and what inherent risk represented in that particular scenario.