After a short summer break, the FAIR Institute Operational Risk workgroup met again in August to continue our project using the FAIR methodology to revise a typical list of “top operational risks” (we found our list on Risk.net).
Look for thousands of job listings next year for “data protection officer” to meet a requirement of the European Union’s General Data Protection Regulation, the privacy law that goes into effect May 18, 2018. Here’s a quick rundown to see if you need to start shopping for a DPO, as well.
Donald Freese, Deputy Assistant Director of the FBI in the information technology branch, gave the opening keynote talk last week to the (ISC)² Security Congress in Austin, and hit some themes inspired by FAIR.
The new NIST 800-63-3 Digital Identity Guidelines and FAIR were “made for each other”, writes Chip Block, VP at Evolver, Inc. (the operator of large-scale security operations centers for government and business), in an article just published on The Security Ledger website: the guidelines establish levels of security based on risk, and FAIR sets monetary values for the risk, enabling organizations to prioritize spending.
UPDATE: The FAIR-U training app is now available. Get access to the web app now.
At the FAIR Conference in mid-October, the FAIR Institute will introduce FAIR-U, our first officially sanctioned training application for running FAIR risk analysis, guaranteed to correctly leverage the FAIR model.
Precise definitions of the factors that go into an accurate risk analysis – that may be the bottom-line advantage of the FAIR approach. For a great example, take Vulnerability, most often loosely defined as "weakness"; FAIR gives it a more focused and more useful meaning: “the probability that a threat event will become a loss event.”
FAIR Institute Chairman Jack Jones was interviewed by Jeffrey Kutler of the Global Association of Risk Professionals for an article published on the GARP website, “Signs of Acceptance and Maturity for the FAIR Model”.
The article is vintage Jack. A sample:
The 2017 FAIR Conference is less than a month away and there are only 10 days left to secure your spot at discount pricing, ending September 30.
Since our founding, the FAIR Institute has received an increasing number of requests to create an information risk management course based on FAIR. We are responding to those personal requests, and to a market demand, to help create risk analysts who are well trained and well versed in quantitative risk analysis.
As a risk consultant, I run a lot of meetings for project scoping or data gathering that bring together people from around a company, usually with different perspectives and agendas. Often these meetings require that everyone come together and agree on a direction for a risk analysis project.