Automating quantitative cyber risk analysis – pulling together updated controls telemetry, threat intel, asset data, audit information and more to produce always-on analytics – would power a highly nimble and scalable FAIR cyber risk management program, even for organizations with low investment in people or training.
But, as FAIR creator Jack Jones explained in a recent blog post series on Automating CRQ, that’s been a heavy lift. Controls analytics, for instance, have been held back by failures to clearly define controls functions or efficacy in reducing risk, or to describe the relationships among controls. Cybersecurity teams fall back on “I’ll have one of each” from controls frameworks – and still get breached.
Jack’s newly developed FAIR Controls Analytics Model (FAIR-CAM™) cracks that problem and opens the door to cyber risk analytics automation. At the upcoming FAIR Conference (September 27-28, 2022), Jack and RiskLens CTO Bryan Smith will demonstrate a prototype of a FAIR-CAM-driven analysis engine and show examples of reporting now under development for the RiskLens platform.
How to Scale FAIR Programs with Controls Analytics
Tuesday, September 27, 1:00-1:45 PM EDT
At Salamander Washington, D.C. (previously known as the Mandarin Oriental Hotel).
Or online in a virtual session.
What Is FAIR-CAM?
A model that:
- Categorizes controls by type and function
- Sets them in relation to each other, clarifying their interplay
- Shows the direct and indirect effect of controls on risk
- Assigns units of measurement for control performance, enabling a quantitative approach for reliable analysis of the effectiveness of controls and controls systems
How Will FAIR-CAM Make Automation of FAIR Cyber Risk Analytics Possible?
If we can take a control from a framework and:
- Know how it affects risk reduction in quantitative terms
- Account for dependencies and relationships with other controls
- Bring in telemetry

then we can perform analyses automatically.
Result: Scaling a FAIR program with controls analytics
Get the details, see the demo, ask your questions – attend the conference presentation with Jack and Bryan on September 27.