Critical Thinking – it’s always promoted as a core skill needed for any Factor Analysis of Information Risk (FAIR™) practitioner. Rightly so.
Teresa Suarez
Recent Posts
Common Sense: The Underrated Skill in FAIR Analysis
[fa icon="calendar'] Jan 13, 2021 8:26:00 AM / by Teresa Suarez posted in FAIR
3 Remedies for Analysis Paralysis
[fa icon="calendar'] May 7, 2019 1:42:33 PM / by Teresa Suarez posted in FAIR
I’ve observed an epidemic that is endemic to perfectionists and newer practitioners of quantitative cyber risk analysis: analysis paralysis. Here are some of the symptoms:
Risk Measurement vs. Risk Blarney in Cyber Analytics
[fa icon="calendar'] Jan 22, 2019 10:04:49 AM / by Teresa Suarez posted in FAIR
A large population of risk professionals are truly gifted. Gifted with the gift of gab, that is. This is because they haven't had any other choice until recently.
Quantitative Risk Analysis: Just Guesswork with Numbers?
[fa icon="calendar'] Aug 7, 2018 10:51:31 AM / by Teresa Suarez posted in FAIR
Skeptics about the FAIR model love to scoff at quantitative risk analysis and dismiss it as mere “guesswork.” I have encountered this assertion several times while conducting analyses and I welcome the challenge each time; I view it as an invitation to a discussion.
How to Filter Out ‘Fake Risks’ from Your Risk Register
[fa icon="calendar'] Jul 17, 2018 9:00:00 AM / by Teresa Suarez
Risk registers, by definition, are meant to identify, itemize and help prioritize risk. More specifically, they are intended to provide a portfolio of potential loss exposure to inform decision makers and enable them to mitigate and/or manage risk.
Finding Your Goldilocks Moment in Cyber Risk Analysis
[fa icon="calendar'] Apr 20, 2018 4:27:34 PM / by Teresa Suarez posted in FAIR
In a perfect world, a quantitative cyber risk analysis would always leverage data that is both accurate and precise. Heck, every sort of financial analysis, whether personal or organizational, would leverage data and produce results that are both accurate and precise.
Marketing FAIR to Your Organization
[fa icon="calendar'] Mar 21, 2018 11:04:12 AM / by Teresa Suarez
A recurring question in the early stages of FAIR adoption is, “How do I get organizational buy-in for FAIR?” The short answer is: You communicate FAIR’s value proposition.
Report from SIRACon: Data + Quantification Beats Dogma
[fa icon="calendar'] Feb 23, 2018 10:38:27 AM / by Teresa Suarez posted in FAIR, Risk Management
I had heard that SIRACon, the annual event hosted by the Society of Information Risk Analysts, was one of the two big opportunities of the year to hear the best thinking – and have the best hallway conversations – about risk analysis and risk management (FAIR Institute’s FAIRCON is the other).
Santa’s Naughty and Nice List for Risk Registers
[fa icon="calendar'] Dec 18, 2017 12:09:03 PM / by Teresa Suarez
It’s crunch time for Santa, his big December 25th deadline is quickly approaching. To prepare for Christmas, he’s making his risk register and checking it twice.
Memoir of My Love Of-FAIR
[fa icon="calendar'] Nov 14, 2017 8:47:00 AM / by Teresa Suarez
It’s been a little over a year since my love of-FAIR began, and my, does time fly when you’re having a good time! Perhaps “love” of-FAIR is a bit dramatic. However, I must say that the FAIR model has many benefits that make it an attractive and advantageous affiliation.