FAIR Institute Blog

Rebecca Merritt

Rebecca Merritt is a Risk Consultant for RiskLens

Recent Posts

4 Reasons You Must Define an Asset for FAIR Risk Analysis

[fa icon="calendar'] May 31, 2018 9:00:00 AM / by Rebecca Merritt

[fa icon="comment"] 3 Comments

I’ve heard it many times – “Why can’t we just do this analysis over the whole IT environment? Why do we need to pick a specific asset or population or assets?”

Read More [fa icon="long-arrow-right"]

How to Model Controls in a FAIR Risk Analysis

[fa icon="calendar'] Apr 12, 2018 9:00:00 AM / by Rebecca Merritt posted in FAIR

[fa icon="comment"] 2 Comments

As a former auditor, I understand the value a control has for an organization, a process or an application.  But, I’ll be honest I used to think a control was one dimensional. It didn’t really matter what the control protected, if the control wasn’t functioning properly or configured exactly to a ‘T’, it was failing.

Read More [fa icon="long-arrow-right"]

Key to Success in Risk Analysis? Trust the (FAIR) Process

[fa icon="calendar'] Jan 30, 2018 9:14:12 AM / by Rebecca Merritt posted in FAIR

[fa icon="comment"] 0 Comments

Time and time again I see analysts perform a FAIR risk analysis but get caught up in searching for the absolute perfect data or second guessing the results. 

Read More [fa icon="long-arrow-right"]

To Bring Value in a Risk Analysis, Tell a Story and Provide a Solution

[fa icon="calendar'] Jan 16, 2018 9:00:00 AM / by Rebecca Merritt posted in Risk Management, FAIR

[fa icon="comment"] 0 Comments

Imagine this – an issue is assigned to your risk analyst team, either by your management, someone in the business, or perhaps it's some area of weakness your own team identified. After completing the analysis, now it's time to prepare a presentation on the risk results.

Read More [fa icon="long-arrow-right"]

Amazon S3 Bucket Data Breaches – a FAIR Risk Analysis

[fa icon="calendar'] Nov 29, 2017 3:30:00 PM / by Rebecca Merritt posted in FAIR, Case Studies, Risk Management

[fa icon="comment"] 1 Comment

Army documents marked Top Secret…data on 14 million Verizon customers…voter information on 198 million Americans…Just a few of the recent reports on data breaches—or open data discovered by security researchers before a breach occurred—on Amazon S3 “buckets”.

Read More [fa icon="long-arrow-right"]

4 Tips for Running Risk Analysis Meetings

[fa icon="calendar'] Sep 15, 2017 7:00:00 AM / by Rebecca Merritt posted in Risk Management

[fa icon="comment"] 0 Comments

As a risk consultant, I run a lot of meetings for project scoping or data gathering that bring together people from around a company, usually with different perspectives and agendas. Often these meetings require that everyone come together and agree on a direction for a risk analysis project.

Read More [fa icon="long-arrow-right"]

Anatomy of a FAIR Risk Analysis: Confidential Data in Email

[fa icon="calendar'] Jul 30, 2017 8:00:00 PM / by Rebecca Merritt posted in FAIR

[fa icon="comment"] 1 Comment

In November, 2016, a Boeing employee emailed his spouse a spreadsheet from work because he needed help with formatting. In the spreadsheet: names, ID numbers, dates of birth and Social Security numbers for 36,000 Boeing employees. 

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts