Come to the 2022 FAIR Conference and come away with actionable insights from experienced hands at introducing and running quantitative risk management programs based on Factor Analysis of Information Risk (FAIR™).
Here are five conference sessions that will present case studies that get into the details on scaling FAIR to enterprise level, the theme of our conference.
FAIR Conference, Sept. 27-28, Washington, DC
1. Case Study: “FAIR: Okay, Now What?” - Steps to Set Up a Quantitative Risk Management Program at Any Organization
Michael Meis, Associate CISO, The University of Kansas Health System
Michael is still in the early stages of introducing FAIR at this large health system (not his first FAIR launch), and he has some fresh insights. A high-level preview: First, understand where the pain points lie in current risk management, and apply FAIR there. Second, meet people where they are in their understanding of risk.
Learn more: Meet a Member Interview with Michael Meis
2. Case Study: Five Objections to FAIR and How to Overcome Them
Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix
Prashanthi Koutha, Senior Risk Engineer, Netflix
Quantitative risk analysis takes too long, the learning curve is too steep, etc., etc., etc. – if you’re trying to socialize FAIR at your organization, you’ve heard the objections. Tony and Prashanthi, two of the best communicators in the FAIR movement, will describe how they turned opposition to support at Netflix.
3. Case Study: Refining the “R” in GRC at Scale
Michael Radigan, Cyber Risk Advisor, Cisco
Mike has a key insight: So much of the struggle over security policy and compliance, and the friction among security, IT, audit, business owners and other teams has a root cause in the failure of the GRC to correctly handle risk. In this talk, he will give step-by-step advice on using FAIR to work through the conflict to scale your program.
4. Case Study: Harnessing The Voltage Effect to Scale Our FAIR Risk Programs
Zach Cossairt, Information Risk Program Manager, Equinix
And now for something completely different: Zach is both a FAIR analyst and a grad student in psychology (behavioral economics, to be exact), and he’ll share how he is applying the lessons of The Voltage Effect: How to Make Good Ideas Great and Great Ideas Scale by University of Chicago Prof. John A. List to grow a FAIR program at Equinix, the global data centers company.
Learn more: Meet a Member Interview with Zach Cossairt
5. Case Study: Quantifying the Control and Risk Landscape Using FAIR-CAM
Tyler Britton, Quantitative Cyber Risk Manager, Dropbox
Any session on FAIR-CAM™ is the hot ticket for this year’s FAIR Conference – the new FAIR Controls Analytics Model extends quantification to controls to assess their value in reducing risk. Hands-on experience with FAIR-CAM is still rare, so expect a full house for this presentation in which Tyler will get into the details on how to rethink your controls stack, combine attack models with FAIR-CAM and many more techniques to greatly improve the efficacy of security operations.