FAIR Institute Blog

Rachel Slabotsky

Rachel Slabotsky is Vice President, Professional Services for RiskLens, the technical adviser to the FAIR Institute.

Recent Posts

Inherent Risk vs. Residual Risk Explained in 90 Seconds

Feb 15, 2023 5:09:00 PM / by Rachel Slabotsky, posted in FAIR

18 Comments

I recently had a conversation with clients around a risk analysis they conducted and noticed as they walked me through it that they seemed to get hung up on the terms “inherent risk” and “residual risk” and the inherent risk definition for that particular scenario.


Evaluating Data Retention Risk from GDPR Using FAIR

Jul 1, 2019 8:45:00 AM / by Rachel Slabotsky, posted in FAIR, Risk Management, Case Studies

0 Comments

Despite the increased focus and attention on data privacy triggered by GDPR that went into effect in May 2018, studies have shown that organizations still have some strides to make in order to be fully in compliance with the mandate. In fact, a recent survey by Varonis reported that many organizations continue to accumulate data that no longer needs to be retained, despite GDPR’s right-to-be-forgotten clause.


Cure Your Risk Analysis Paralysis: Balance Accuracy and Precision

Mar 26, 2019 8:30:00 AM / by Rachel Slabotsky, posted in FAIR

0 Comments

I’ve heard critics of quantitative risk analysis challenge the approach, stating that it is “too difficult”, “time consuming” or that their organization is “simply not mature enough for quantification.” In my experience, a majority of such arguments can be addressed by revisiting a few fundamental FAIR concepts.


Banks Move to FAIR for FFIEC CAT Cybersecurity Risk Assessments

Aug 2, 2018 9:00:00 AM / by Rachel Slabotsky, posted in FAIR, Risk Management

0 Comments

In a previous blog post, I wrote about how the FAIR quantitative risk model can be used to meet various regulatory and compliance requirements (specifically those that indicate the need for a formal risk assessment).


The Skeptic's Guide to Cyber Risk Surveys

Mar 12, 2018 9:00:00 AM / by Rachel Slabotsky, posted in FAIR

1 Comment

I recently attended the SIRACon conference in Seattle where I had the privilege to hear leaders from prestigious companies speak about their experience using quantitative analysis of cyber risks. One of the presentations that stood out related to sources of error and bias in survey results.


For Better Risk Assessments in SSAE 18 Audits, Try Quantification with FAIR

Feb 9, 2018 4:08:05 PM / by Rachel Slabotsky, posted in FAIR, Risk Management

0 Comments

One of my final initiatives prior to leaving public accounting and entering my new role in risk management was helping organizations prepare for the changes introduced by AICPA in the SSAE 18 audit standard, which went into effect in May 2017.


How to Analyze Your Risk from GDPR: A FAIR Approach

Jan 19, 2018 10:49:47 AM / by Rachel Slabotsky, posted in Risk Management, FAIR Risk Model

1 Comment

As the final months approach before the EU's General Data Protection Regulation (GDPR) goes into effect in May 2018, organizations are making significant investments to ensure they are prepared for the changes to come, particularly the strict rules on handling consumers’ personally identifiable information (PII).
