FAIR Institute Blog

Rebecca Merritt

Rebecca Merritt is a Risk Consultant for RiskLens

Recent Posts

FAIR Institute Summer Book Club Final Meeting - All 6 Chapter Guides to the FAIR Book Are Right Here

[fa icon="calendar'] Aug 27, 2020 7:30:00 AM / by Rebecca Merritt posted in FAIR Summer Book Club 2020

[fa icon="comment"] 0 Comments

Time flies when you’re quantifying risk, Labor Day is in sight, and we’re wrapping up our summer group read of the FAIR book, Measuring and Managing Information Risk

Read More [fa icon="long-arrow-right"]

FAIR Institute Summer Book Club Part 5 – Reading the FAIR Book Together – This Week: Controls and Common Mistakes

[fa icon="calendar'] Aug 5, 2020 7:53:00 AM / by Rebecca Merritt posted in FAIR Summer Book Club 2020

[fa icon="comment"] 0 Comments

We're on Chapter 10 (Common Mistakes) and Chapter 11 (Controls), Book Clubbers, and this week we will dive into some tricks of the FAIR™ trade

Read More [fa icon="long-arrow-right"]

FAIR Institute Summer Book Club Part 4 – Reading the FAIR Book Together – This Week: A Walk through a Sample Risk Analysis

[fa icon="calendar'] Jul 16, 2020 7:24:00 AM / by Rebecca Merritt posted in FAIR Summer Book Club 2020

[fa icon="comment"] 2 Comments

All summer, we are reading together Measuring and Managing Information Risk, the classic book on quantitative risk analysis with the FAIR™ model. This week, we cover Chapter 8 (Risk Analysis Examples) and Chapter 9 (Thinking about Risk Scenarios Using FAIR).

Read More [fa icon="long-arrow-right"]

FAIR Institute Summer Book Club Part 3 – Reading the FAIR Book Together - This Week: Analysis Process and Results

[fa icon="calendar'] Jul 1, 2020 9:05:54 AM / by Rebecca Merritt posted in FAIR Summer Book Club 2020

[fa icon="comment"] 0 Comments

This week, it’s Chapter 6 (Analysis Process) and 7 (Understanding Results) in Measuring and Managing Information Risk, the FAIR book, and now we’re getting hands-on with a working knowledge of quantitative cyber risk analysis.

Read More [fa icon="long-arrow-right"]

FAIR Institute Summer Book Club Part 2 – Reading the FAIR Book Together

[fa icon="calendar'] Jun 10, 2020 10:44:20 AM / by Rebecca Merritt posted in FAIR, FAIR Summer Book Club 2020

[fa icon="comment"] 0 Comments

All summer, we are reading and discussing the FAIR™ book, Measuring and Managing Information Risk by Jack Freund and Jack Jones, the authoritative text on quantitative cyber risk analysis and risk management, with a new discussion guide every two weeks to help FAIR summer book clubs spark conversation.  

Read More [fa icon="long-arrow-right"]

Introducing the FAIR Institute Summer Book Club – Let’s Read & Discuss the FAIR Book Together

[fa icon="calendar'] May 27, 2020 10:18:06 AM / by Rebecca Merritt posted in FAIR Summer Book Club 2020

[fa icon="comment"] 0 Comments

Get your highlighters ready – find a stack of Post-it notes – the FAIR Institute is putting on a summer book club to read and discuss the FAIR™ book, Measuring and Managing Information Risk

Read More [fa icon="long-arrow-right"]

Amazon S3 Bucket Data Breaches – a FAIR™ Risk Analysis

[fa icon="calendar'] Apr 13, 2020 11:48:00 AM / by Rebecca Merritt posted in FAIR, Risk Management, Case Studies

[fa icon="comment"] 1 Comment

With the ongoing big move to cloud storage to support working from home, it seems inevitable that we’re going to see more data breaches on Amazon S3 “buckets”,  an evergreen cybersecurity problem. It happened again a week ago

Read More [fa icon="long-arrow-right"]

Define Your Company’s Appetite for Risk with FAIR Analysis

[fa icon="calendar'] Apr 30, 2019 6:59:42 AM / by Rebecca Merritt posted in FAIR, Risk Management

[fa icon="comment"] 4 Comments

In basic terms, a company’s “risk appetite” is the level of risk the organization sees as acceptable.  Not surprisingly, some use the phrase “risk tolerance” interchangeably with “risk appetite” (there is an important difference: "tolerance" is how far off "appetite" the organization will go).

Read More [fa icon="long-arrow-right"]

4 Reasons You Must Define an Asset for FAIR Risk Analysis

[fa icon="calendar'] May 31, 2018 9:00:00 AM / by Rebecca Merritt

[fa icon="comment"] 3 Comments

I’ve heard it many times – “Why can’t we just do this analysis over the whole IT environment? Why do we need to pick a specific asset or population or assets?”

Read More [fa icon="long-arrow-right"]

How to Model Controls in a FAIR Risk Analysis

[fa icon="calendar'] Apr 12, 2018 9:00:00 AM / by Rebecca Merritt posted in FAIR

[fa icon="comment"] 3 Comments

As a former auditor, I understand the value a control has for an organization, a process or an application.  But, I’ll be honest I used to think a control was one dimensional. It didn’t really matter what the control protected, if the control wasn’t functioning properly or configured exactly to a ‘T’, it was failing.

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts