Block runs through a case study to make the point. An organization that hasn’t updated security in years faces two choices:
And the board asks: “How much more secure will we be after spending the money?”
Block (who leads the Washington, DC, chapter of the FAIR Institute) shows how a FAIR analysis reveals the organization’s strongest concentration of risk is around five asset areas. Then, FAIR answers in financial terms the questions in the NIST risk rating system to guide the organization to a sophisticated, varied approach to identity authentication for different assets.
Read a more extensive version of Block’s article on NIST Digital Identity Guidelines and FAIR on the Evolver website.