FAIR Institute Blog

[Video] FAIRCON18 Panel: How FAIR and TBM Work Together to Show the Business Value of Cybersecurity

Nov 14, 2018 8:30:00 AM / by Jeff B. Copeland

In recent years, many CIOs in big enterprises and government have successfully positioned themselves as not just IT operators but business enablers, using the discipline of Technology Business Management (TBM), a set of best practices to consistently communicate both the cost and the value of IT services.

But there’s been one outlier, cybersecurity: CISOs couldn’t communicate cyber risk and return in financial terms. FAIR solves that problem, and it is no surprise that organizations running TBM programs are also signing up for FAIR.

The TBM Council, the FAIR Institute and the Open Group (holder of the OpenFAIR Standard) are working now on aligning the two standards to speed up this integration.  

At the recent 2018 FAIR Conference, Institute Chair Jack Jones hosted the panel discussion “FAIR & TBM: Two Standards Come Together for Managing Technology and Risk from the Business Perspective”, with Todd Tucker, the TBM Council’s VP, Standards, Research, and Education, and TBM practitioner Paula Medders, Senior Program Manager - Cyber Security, HPE.


Watch the video of the discussion for some hands-on tips on how to tie a FAIR program into the broader IT agenda of your organization. FAIR Institute membership required – sign up for free membership now.


“If I were a CISO and found out my organization was engaged in TBM, I’d be all over that,” Jack Jones comments. “I can’t begin to count the number of security people who say, ‘I don’t know what I don’t know.’ There are all kinds of opportunity for visibility into the risk landscape, for data points for the kinds of things we want to measure from a risk standpoint.” As an example, Jack points to measuring the impact in a FAIR analysis on ransomware and being able to see all the connections among affected applications and the business processes they serve.

Paula Medders shared her project documents showing how HPE applied TBM to cybersecurity functions in a transformation very much like a FAIR implementation – moving from “a capability mindset to service-oriented mindset,” as she says, and showing “how cybersecurity adds value above and beyond the cost of spend.”

Medders says the TBM approach combined with FAIR can be an effective tool of persuasion for CISOs by providing “visibility to business partners on how they could impact the cost of cybersecurity in their business” by, for instance, reducing risky practices. TBM can also be used to make the case for cybersecurity budget, she says.


Written by Jeff B. Copeland

Jeff is the Content Marketing Manager for RiskLens.
