Synopsis: The Common Vulnerability Scoring System (CVSS) is used throughout various industries for scoring vulnerabilities based on several metrics. These metrics focus on confidentiality, integrity and availability, the well-known CIA triad ingrained in the mentality of cybersecurity professionals, and extend to maturity and environmental metrics when and where the additional information is required.
How can you determine at what point in a piece of IT hardware’s lifecycle it should be updated? Using FAIR, the international standard for quantitative cyber and technology risk management, it is as simple as a three-step process.
If you’ve been in the cybersecurity profession for any length of time, you’ll have heard (or said) the old chestnut about two hikers who run into a bear on the trail. One hiker immediately takes off his hiking boots and puts on his running shoes.
Intel revealed a new speculative execution vulnerability named ZombieLoad, yet another processor execution bug in the style of Spectre and Meltdown, which were made public in January of 2018.
The FAIR Institute is proud to announce the newest addition to the FAIR Institute Board of Advisors, Donna Gallaher, President and CEO, New Oceans Enterprises.
To provide a more convenient way to train your organization on risk quantification and assess the maturity of your risk management program...
The Enterprise Membership Program has been designed and created to provide group benefits to Institute member organizations.
Looking for a Quantitative Cyber Risk Specialist, a Risk Quantification Analyst or even a Senior Factor Analysis of Information Risk (FAIR) Analyst? It’s a sign of the rapid adoption of FAIR that organizations have recently been advertising for new hires with those titles.
It’s an issue that comes up again and again at FAIR conferences, chapter meetings, webcasts or discussion boards: “I get the value of FAIR quantitative risk analysis – but I don’t know how or where I could start implementing it.”
I’ve observed an epidemic that is endemic to perfectionists and newer practitioners of quantitative cyber risk analysis: analysis paralysis. Here are some of the symptoms:
You’ve tried your hand at running one-off scenarios with FAIR, say to identify your top risks – now learn an ongoing use for FAIR to monitor your key risk indicators (KRIs).