The latest issue of the ISACA Journal (available here to registered members) presents a detailed case study on the long-running FAIR™ program at Rock Holdings, Inc. (parent company of Quicken Loans and Rocket Loans)
With the ongoing big move to cloud storage to support working from home, it seems inevitable that we’re going to see more data breaches on Amazon S3 “buckets”, an evergreen cybersecurity problem. It happened again a week ago
Here’s a timely topic, with an army of office workers moved over to working at home due to the pandemic. In this short webinar (watch it below), Risk Consultant Christina Dulovich walks you through a FAIR™ analysis
In this short talk at the FAIR Institute Breakfast during the 2020 RSA Conference, Ascena Retail CISO Mark Tomallo transferred a lot of knowledge about starting and winning with a FAIR™ program
At the FAIR Institute Breakfast during the recent Gartner Security and Risk Management Summit, Robert Immella, FAIR cyber risk analyst for KeyBank, gave a talk filled with actionable tips
Despite the increased focus and attention on data privacy triggered by GDPR, which went into effect in May 2018, studies have shown that organizations still have some strides to make in order to be fully in compliance with the mandate. In fact, a recent survey by Varonis reported that many organizations continue to accumulate data that no longer needs to be retained, despite GDPR’s right-to-be-forgotten clause.
At the FAIR Institute Breakfast meeting that ran parallel to the recent Gartner Security and Risk Management Summit, Matthew R. Martin, Senior Vice President Information Security and Technology, LPL Financial, gave a candid assessment of the challenges and opportunities in introducing FAIR to his organization.
The new NIST 800-63-3 Digital Identity Guidelines and FAIR were “made for each other”, writes Chip Block, VP at Evolver, Inc. (the operator of large-scale security operations centers for government and business), in an article just published on The Security Ledger website: the guidelines establish levels of security based on risk, and FAIR sets monetary values for the risk, enabling organizations to prioritize spending.
I just wrapped an engagement helping a really great customer identify their top ten risks. Talk about commitment: They organized a book club where members of Information Security, Privacy and Audit were actively studying the FAIR book, Measuring and Managing Information Risk.
At the last club meeting, somebody said “I love the FAIR model and risk quantification. But how do I apply this to the risks that face me and my department?”
When Tony Martin-Vegue, Cyber Risk Manager at National Mortgage Insurance, presented this case study on measuring Distributed Denial of Service (DDoS) risk at FAIR Conference 2016, the world was only a week away from one of the largest DDoS attacks in history to date.