Is Your Loss Magnitude Estimate Really Accurate? Get Answers at FAIRCON24

FAIR-MAM Schematic - Featured

The “right-hand side” of the FAIR model, underwent a significant upgrade with the introduction of FAIR-MAM (FAIR Materiality Assessment Model), and whether you are a long-time FAIR user or new to FAIR, we’re presenting a workshop at the upcoming FAIR Conference that will show you how to adopt this new standard and enjoy the benefits of a more accurate, granular and automation-friendly approach to Loss Magnitude.


FAIR Conference Workshop: Is Your Loss Magnitude Estimate Really Accurate?

8 AM – 12 PM on Monday, September 30

Fairmont Hotel, Washington, DC

Workshop Leaders:

  • Erica Eager, Senior Director, Risk Quantification, Safe Security, (creator of FAIR-MAM)
  • Robert Immella, Global Leader of Cyber Risk Quantification at a Fortune 100 company (who has built a framework to move from Original FAIR to FAIR-MAM)

Register now for the FAIR Conference to also register for the FAIR-MAM workshop.           

Loss Magnitude in Original FAIR vs. FAIR-MAM: 2 Key Changes

1.  Original FAIR has six forms of loss, FAIR-MAM features 10 primary cost modules (with submodules and customizable sub-submodules below those), for a more detailed breakdown and description of the factors that contribute to Loss Magnitude.

2.  The bottom row of Loss Magnitude, with Primary and Secondary Loss, is eliminated and those loss forms are distributed among the modules that may contain primary or secondary loss. This eliminates some awkwardness, for instance with Fines & Judgements as a single category with a single likelihood; FAIR-MAM covers a dozen different regulatory agencies each with its own likelihood.

FAIR-MAM Lab Sessions Will Be Hands-on

Rob and Erica will provide attendees  with the data needed to generate Loss Magnitude for three mini-case studies, using FAIR-MAM to process the attack data into an estimated Loss Magnitude. The three case studies are the recent Delta Air Lines CrowdStrike-induced outage as well as last year’s MGM ransomware attack and Okta’s most recent data breach. Using real-life examples of recent cyber loss events helps bring FAIR-MAM analysis to life.

Erica says, “We have designed this workshop to be interesting, very current and topical so people can: 1. walk away with the foundational elements of how to use the FAIR-MAM framework to build loss magnitude out of the air with data they can find publicly or from someone in their company and 2. defend the results.”

See FAIR-MAM in action at How Material Is that Hack

Defining ‘Materiality’

The workshop will also give attendees a chance to explore the concept of “materiality,” a key driver in adoption of FAIR-MAM to meet the requirements of the SEC and other regulators.

Risk analysts and cybersecurity teams apply FAIR-MAM prospectively to game out material-loss scenarios (and make a treat/transfer/tolerate call)... and in real-time, as an incident is unfolding, to determine if the company must disclose the incident to the authorities. “Really, any time you do a loss magnitude estimation, you are determining whether or not the risk scenario being modeled could be material to your organization,” Erica says. “Knowing the magnitude of potential losses if they were to occur is a critical component of cyber risk management.”

------

Attend the 2024 FAIR Conference in Washington, DC!

Training on September 29 and 30

Main conference sessions on October 1 and 2.

The theme of FAIRCON24 is "Managing Risk at the Speed of the Business" and will include over two dozen sessions with keynotes, expert panels, breakout tracks, and use case presentations to assist the CISO and information security team, in confirming their role as business leaders. Register now!

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37