Margarita Rivera learned about FAIR a half-dozen years ago in a technology risk management course, while earning a master’s in information systems at Harvard. “Total game changer,” she says. “The methodology behind it, the thought, the structure was one that just really changed my perspective in terms of how to deal with risk management.”
After holding infosec roles at Lennar and Univision, today Margarita is the Senior Director - Information Security for Lowe's Companies, Inc., a Fortune 50 company, and is a firm believer in the value of FAIR. “If I have to pick my top three benefits, it centers on objective decision making, measurable progress, and resource allocation.”
The result of applying FAIR, Margarita says, is ”you’re going to make risk-based decisions based on what adds the most value to the organization. The way executive management understands that is through quantification. Just saying I got rid of something that is ‘high’ -- it’s very different to say I lowered risk exposure by $4 million. That has a greater impact and resonates a lot more.
FAIR meets a major challenge facing the risk management profession, Margarita thinks. “There are a lot of perspectives out there, not one standard approach…Quantification is so important because it really hones in on the definitions. In risk management, solving uncertainty really starts in building that foundation…so we can all look at things from a similar perspective.”
Hear more tips and observations from Margarita on cyber risk management and the value of FAIR: Watch our Meet a FAIR Institute Member video podcast.
