The FAIR Institute is excited and honored to welcome Cisco Systems, Inc. as our newest Institute-wide sponsor. This strategic sponsorship includes collaboration on thought leadership & educational materials, sponsorship of the annual Risk Management Maturity Benchmark Survey, and presence at multiple Institute events, including the 2020 FAIR Conference and various local chapter meetings.
Cisco is committed to supporting the mission of the Institute with the use of FAIR™ both within the internal organization and across the risk management industry as an early adopter, and thought leader committed to making the internet a safer place.
The effort is led by La’Treall Maddox, Strategy Risk Operations Manager, Security & Trust Organization, Cisco. La’Treall has been involved with the Institute for several years, co-chairing the North Carolina Chapter, speaking at our annual FAIR Conference, and now as one of the newest members on the FAIR Institute Board of Advisors.
“The FAIR methodology is transforming our strategy by integrating a risk-based approach to information security and operational risk; changing the way we will communicate to the board and the business in financial terms,” said La’Treall.
La’Treall is the leading FAIR evangelist at the company, which is making a major push on risk quantification. Roughly 140 Cisco employees have been trained in the FAIR methodology. More than 80 of Cisco’s S&TO cyber security subject matter experts have been trained in FAIR through the RiskLens program; while the others have been peer-trained by employees who have passed the Open Group’s FAIR certification. The company has developed its own internal application to run on the FAIR model and has plans on scaling its risk quantification efforts internally.
Cisco is using the FAIR methodology to standardize how the company talks about and decomposes risk. Its framework has been paired with data analytics to scale threat vector scenario models informing operational and investment decisions. Early on, the focus was on individual use case modeling in support of return on risk mitigation decisions; this continues today.
However, from the outset, Cisco has had its sights on building capabilities for analyzing large bodies of assets simultaneously. This is no small undertaking. The company has been investing in the defensibility of the FAIR model’s statistical underpinnings, model assumptions, subject matter expert inputs, and loss magnitude resources for the past few years.
Cisco is also a strong advocate for cyber security talent pipeline development with research and academic partnerships globally. They believe that a well-rounded cyber security education should include business acumen and risk skills, which enable professionals to communicate cyber security risk in terms of financial and economic exposure for the business.
About Cisco
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Its people, products, and partners help society securely connect and seize tomorrow's digital opportunity today. Discover more at trust.cisco.com.
About the FAIR Institute
The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives, created to develop and share standard information risk management practices based on Factor Analysis of Information Risk (FAIR), the only international standard analytics model for information security and operational risk. FAIR helps organizations quantify and manage risk from the business perspective and enables cost-effective decision-making. Institute membership has now passed 7,500 and includes members from about 30% of Fortune 1000 companies.