Let’s talk DREAD (threat modeling, not the overwhelming feeling of despair associated with your reoccurring 4:30 p.m. Friday meeting). So, what is the DREAD threat model?
Taylor Maze

Recent Posts
How to Use DREAD Analysis with FAIR
Feb 21, 2023 5:54:00 PM / by Taylor Maze posted in FAIR
FAIR Beginner's Guide: What Do the Numbers Mean?
Jan 14, 2021 5:20:00 PM / by Taylor Maze posted in FAIR
As a FAIR consultant, I have seen many organizations go through the transformation from qualitative to quantitative risk management.
Drawing FAIR™ Conclusions from Cyentia’s Information Risk Insights Study (IRIS)
Apr 23, 2020 6:24:00 AM / by Taylor Maze posted in Risk Management
The Cyentia Institute recently published the Information Risk Insights Study (IRIS), which utilized data gathered via Advisen on tens of thousands of known cyber events over the past decade to draw conclusions about the frequency and magnitude of such events.
3 Key Values of FAIR™ Risk Analysis (and 3 Reasons Your Organization Should Use It)
Mar 10, 2020 4:40:48 PM / by Taylor Maze posted in FAIR
There are many reasons why cyber risk quantification utilizing the FAIR™ model has been adopted by 30% of the Fortune 1000.
Calibrated Estimation for FAIR™ Cyber Risk Quantitative Analysis - Explained in 3 to 4 Minutes
Feb 25, 2020 11:16:26 AM / by Taylor Maze posted in FAIR
Cyber risk quantification has often been seen as difficult or impossible due to the perceived lack of data on the subject. Many organizations do not have sophisticated logging systems which allow them perfect hindsight into past cyber events.
Good or Lucky? 3 Questions to Ask When Cyber Risk Analysis Shows Low Risk
May 1, 2019 12:02:45 PM / by Taylor Maze posted in Risk Management
‘Low’ loss exposure scenarios are often cause for celebration, or at least an exhausted sigh of relief from the CISO who is already juggling the remediation plans of countless other higher risk scenarios.
3 Tips for Making Your IT Audit Job More than Compliance
Apr 17, 2019 10:07:20 AM / by Taylor Maze posted in Risk Management
As auditors, you often get a bad rap. Given audit is a compliance-focused profession, one of the many aspects of your job is telling someone that the way they do theirs is wrong, which is not a fun conversation for either party.
4 Tips to Reality-Check a FAIR Quantitative Risk Analysis
Feb 14, 2019 2:46:23 PM / by Taylor Maze
While I could easily write a novella focused solely on the many benefits of FAIR over other risk analysis methods, there is an important caveat to keep in mind when conducting FAIR analyses: The analysis is only as reliable as the analyst who conducted it.
Qualitative vs. Quantitative Analysis for Cyber Risk: What’s the Difference?
Oct 29, 2018 12:00:00 PM / by Taylor Maze posted in FAIR
Risk is inherent in business. By operating in the marketplace, offering products or services to the public, processing transactions or storing data, companies large and small face risk, and increasingly that’s cyber risk. The question is, how do these companies decide whether to accept or respond to risks?
Quantify Risk, Baby
Sep 13, 2018 11:10:48 AM / by Taylor Maze posted in FAIR
(To the tune of Ice Ice Baby)
Alright, stop! Collaborate, and listen. FAIR is back to give advice you been missin’
If Risk has grabbed ahold of you tightly, run an analysis, quantify it rightly.