In a perfect world, a quantitative cyber risk analysis would always leverage data that is both accurate and precise. Heck, every sort of financial analysis, whether personal or organizational, would leverage data and produce results that are both accurate and precise.
A recurring question in the early stages of FAIR adoption is, “How do I get organizational buy-in for FAIR?” The short answer is: You communicate FAIR’s value proposition.
I had heard that SIRACon, the annual event hosted by the Society of Information Risk Analysts, was one of the two big opportunities of the year to hear the best thinking – and have the best hallway conversations – about risk analysis and risk management (FAIR Institute’s FAIRCON is the other).
It’s crunch time for Santa, his big December 25th deadline is quickly approaching. To prepare for Christmas, he’s making his risk register and checking it twice.
It’s been a little over a year since my love of-FAIR began, and my, does time fly when you’re having a good time! Perhaps “love” of-FAIR is a bit dramatic. However, I must say that the FAIR model has many benefits that make it an attractive and advantageous affiliation.
In the FAIR model for risk analysis, Loss Magnitude—i.e. the monetary impact of a loss event—is bucketed in six Forms of Loss: Productivity, Response, Replacement, Competitive Advantage, Fines & Judgements, and Reputation.