Here’s a timely topic, with an army of office workers moved over to working at home due to the pandemic. In this short webinar (watch it below), Risk Consultant Christina Dulovich walks you through a FAIR™ analysis she performed for a client through the RiskLens platform, on a risk scenario that’s probably very common right now: employees exporting PII to a cloud-hosted site for non-malicious reasons (like getting off an overloaded VPN to work more efficiently). Non-malicious, but still potentially costly in terms of customer lawsuits and remediation costs.
Watch the webinar now: Decrease Risk from Employees Working from Home
FAIR Institute Contributing Membership required to view. Join now!
The client, a large technology company, wanted to know its baseline risk and how much two alternative controls – a DLP solution vs. blocking access to cloud sites -- might reduce the risk in dollar terms. Before turning to FAIR analysis, the company would have been clueless with its high-medium-low, non-quantitative methods.
In clear language (with charts) Christina will show you how she handled the four steps of a FAIR analysis:
- ID baseline events, using the company’s known data on cyber incidents
- Determine the relevant factors of the FAIR model impacted
- On the RiskLens platform, update the baseline analysis for FAIR factors impacted by adding controls (DLP would reduce number of records that could be exported vs. cloud host block would reduce the frequency of events, or Vulnerability, in FAIR terms).
- Compare probable loss exposure reduction vs investment for the two alternatives.
As Christina sums it up, “from the DLP, we could see a great reduction, just coming from the numbers of records that could be breached vs all of the possible PII records that individual has access to. Our cloud hosting block had an even greater risk reduction that was reducing the frequency of the event happening at all…
“You’e able to compare that per event reduction to the overall investment, so let's say that it cost several million to implement the cloud block, you could flesh that out and really see in dollars and cents was the juice worth the squeeze, should we go ahead, and what is our best option to reduce our cyber risk from this particular loss event.”
Watch the webinar now: Decrease Risk from Employees Working from Home
(FAIR Institute Contributing Membership required)
Related:
Jack Jones on How the COVID-19 Pandemic Is Likely to Affect Cybersecurity Programs
