In our recent member survey, we asked “please rank the areas in which you would like to learn or sharpen your FAIR-related skills.” Taking a cue from the results, here is a short study guide covering the topics of most educational interest to the FAIR Institute membership.
FAIR creator Jack Jones introduced FAIR-CAM, a model for quantifying the effectiveness of controls, at the 2021 FAIR Conference, and it’s generating a lot of buzz and interest in the risk and security community. Several FAIR Institute teams are mapping FAIR-CAM to the leading cybersecurity controls frameworks and standards. Jack wrote an easy-to-follow explanation of the model in How Cyber Risk Management Is Like Buying a Bike for Your Daughter. FAIR Institute member Robert Immella also gave a presentation at FAIRCON21 on implementing the new model at KeyBank in Use Case for FAIR-CAM: Rapid Policy Exception Management.
--A Lot More to Read on FAIR-CAM
Ultimately, a FAIR program wins over an organization by showing clear value, but getting to that point takes a combination of analytical and people skills. Here’s some advice based on solid experience: 5 Tips from CISOs on Making the Move to Quantitative Cyber Risk Management (FAIRCON2020 Video)
Join the FAIR Institute, receive a free introductory session with a FAIR Enablement Specialist
Successful FAIR program managers will tell you that speed and quality come from carefully setting up the right processes. How Long Does It Take to Launch a FAIR Program? shows the way to structure a program based on results that best fit the needs of your organization. 5 Habits for Highly Effective Risk Analysis is about completing risk analysis tasks with “a lot more clarity,” to achieve actionable results for stakeholders.
Train in risk analysis with the world leaders in FAIR cyber risk quantification.
FAIR works with all the standards and frameworks for cyber and technology risk and brings the discipline of financial analysis to what otherwise could be a checklist exercise in compliance. Here’s a sampler:
>>NIST Maps FAIR to the CSF - Big Step Forward in Acceptance of Cyber Risk Quantification
>>FAIR Institute and HITRUST Plan Integration of FAIR Standard and HITRUST CSF
>>COSO ERM’s Cyber Risk Guidance Recommends FAIR™
>>How FAIR & ISO 27001 Work Together
>>3 Steps to Combine MITRE ATT&CK and FAIR to Focus Cyber Risk Management
Learn more: Member Survey Results: High Interest in FAIR-CAM, High Concern on Ransomware