Tony Martin-Vegue, San Francisco Chapter Co-Chair, member of the quant risk team at Netflix, and one of the best FAIR™ educators we know, leads a webinar designed to answer the two most common questions from beginners at Factor Analysis of Information Risk:
- Where do I get the data for analysis?
- What are the use cases to start analysis for effective use of FAIR and to build credibility in my organization for risk quantification?
Watch the webinar Common Uses Cases of FAIR Analysis - Beginner Chapter Meeting now on our LINK discussion board. A (free) FAIR Institute membership is required. Sign up for membership now.
On the data question, Tony will walk you through:
- Differences between qualitative and quantitative data and subjective vs. objective data, and how to find the sweet spot of data that’s both quantitative and objective.
- Three sources of data: External research (and how to apply it to your organization’s needs), internal data (from your incident response team) and your organization’s subject matter experts (and how to interview them).
To help address the second question, Tony has lined up six common use cases to fuel your FAIR program, with practical tips to get the FAIR analysis done:
- Ranking of risks for mitigation
- Gap analysis for cyber risk insurance coverage
- Decision to add or remove a control based on risk reduction
- ROI of a security project – cost vs. risk exposure
- Emerging risk analysis: How to handle oddball risks that keep the CEO up at night
- M&A analysis: How much risk would the organization take on?
“Fair allows for different kinds of decisions in cybersecurity,” Tony says. “This is the big unlock FAIR gives. It’s not just the numbers.”
Interested in FAIR training? See courses in quantitative risk management sanctioned by the FAIR Institute.