In Part 1 of this series, I discussed that the market for cyber risk quantification (particularly automated CRQ) is growing rapidly, but that automation, done poorly, can to more harm than good. In this post, I’ll begin to discuss what it takes to automate CRQ responsibly.
Thanks to all the FAIR Institute members who responded to our recent short survey letting us know how we can best serve you in 2022
Until recently, it’s mostly been organizations with visionary and early adopter tendencies who have embraced cyber risk quantification (CRQ). They understood the value and were willing to deal with the challenges.
Richemont is the parent to 26 luxury brands, all famous names in jewelry, watches, clothing, and accessories, each managed as a separate “Maison.” “When we wanted to compare risk within a business or across businesses, it was complicated”
We’re hearing increasingly that organizations successful at managing cyber risk in financial terms with Factor Analysis of Information Risk (FAIR™) are now looking to enterprise risk management as the next frontier for quantitative risk management.
Registration is open for the FAIR Institute’s 2022 FAIR Conference (FAIRCON22), September 27-28, with optional training courses pre-FAIRCON22. We are excited to be hosting FAIRCON22 back in person at the Mandarin Oriental Hotel in Washington, DC
Dropbox is taking a methodical and thoughtful approach to implement its FAIR quantitative risk management program, led by cyber risk manager Tyler Britton
“Cyber risk quantification for all” is the promise of the new My Cyber Risk Benchmark tool introduced at the first quarterly event in the 2022 FAIR Conference series by RiskLens, the FAIR Institute’s technical adviser.
Since Jack Jones introduced the FAIR Controls Analytics Model (FAIR-CAM™) at the 2021 FAIR Conference, “I get asked all the time, ‘Can we take our NIST CSF scores and plug them into FAIR-CAM and measure controls efficacy and risk reduction value?’”