While the beachhead for FAIR™ adoption in most organizations is on the cyber side, Michael Kenney, Vice President of Operational Risk for the Multifamily business line at Freddie Mac, the big secondary mortgage buyer, is introducing FAIR and quantification starting from the operational risk side – or, as he says, with a “wider footprint.”
“For me, the key challenge for risk professionals today is what I call footprint and how wide is that footprint,” Michael says. “That means your network, your knowledge…You need a wide footprint in order to tap into the experts when the situation calls for it.
“For example, a cyber attack could be both disruptive and destructive. Along with the business, the risk professional needs to understand the what as well as who has been compromised and then deploy potentially many different responses: a data recovery response, a resiliency response or a public relations response…So they’ll need to know who to tap into and also at what level – at the executive level, and at the top of the leadership pyramid.”
And that’s part of the appeal for Michael of the FAIR model: its portability across different functions of the business, as the standard for quantifying risk in financial terms, the common language of business.
Listen to our conversation to learn more about Michael’s experience leading FAIR adoption at Freddie Mac, including moving the organization away from qualitative heat maps to thinking in terms of risk scenarios and applying FAIR analysis to fraud, data privacy and business resiliency scenarios – and, on a personal note, how he’s helping his son recover from a serious sports injury.
Michael was also a panelist at FAIRCON19. Watch the video of the discussion “Integrating Cyber Risk into ERM with Experts from BlackRock, DTCC, Freddie Mac.”