Watch the video of the Dropbox presentation, Building a Quantitative Cyber Risk Program Based on FAIR, from the Q1 event in the 2022 FAIRCON event series. FAIR Institute membership required to view.
1:26 Defining the FAIR program you want, from ad hoc analyses to a fully quantitative risk management program.
2:21 Challenges of building a FAIR program, from setting the vision to finding executive champions to “taking a hard look in the mirror and asking do those controls really do anything?”
6:12 Three-segment approach to building a FAIR program. “If one of them fails, the program fails.”
8:02 What goes into a data library: information verified by your subject matter experts and easily accessible for quick analysis. It’s important in reporting to stakeholders to “be crystal clear about the data you have” and where you are making educated estimations.
20:02 Resourcing. At least one to three people dedicated to FAIR, with emphasis on “dedicated,” plus adequate tools (Dropbox uses RiskLens analytics software and ServiceNow risk registers).
26:07 Tyler wraps up his points on data libraries, governance and resources.