How to Use DREAD Analysis with FAIR
Feb 21, 2023 5:54:00 PM / by Taylor Maze posted in FAIR
Let’s talk DREAD (threat modeling, not the overwhelming feeling of despair associated with your reoccurring 4:30 p.m. Friday meeting). So, what is the DREAD threat model?
Inherent Risk vs. Residual Risk Explained in 90 Seconds
Feb 15, 2023 5:09:00 PM / by Rachel Slabotsky posted in FAIR
I recently had a conversation with clients around a risk analysis they conducted and noticed as they walked me through it that they seemed to get hung up on the terms “inherent risk” and “residual risk” and the inherent risk definition for that particular scenario.
'Risk Appetite' vs. 'Risk Tolerance'. What’s the Difference?
Feb 7, 2023 4:49:00 PM / by FAIR Institute Staff posted in FAIR, Risk Management
The terms “risk appetite” and its close cousin “risk tolerance” are often poorly understood, very rarely used to good effect, and commonly used interchangeably.
3 Key Concepts in FAIR
Aug 8, 2022 8:30:00 AM / by Jeff B. Copeland posted in FAIR
Factor Analysis of Information Risk (FAIR™) is referred to as the standard model for cyber risk quantification – and it is indeed that highly useful tool for analyzing risk in non-technical, business terms. But it’s also a set of key concepts that enable critical thinking
Attacking FAIR - A Reply by Jack Jones
Jul 27, 2022 5:42:49 PM / by Jack Jones posted in FAIR, Jack Jones
It was bound to happen. For years, Factor Analysis of Information Risk (FAIR™) was, for all intents and purposes, the only Cyber Risk Quantification (CRQ) model out there.
10 Reasons Why FAIR Is the Standard for Cyber Risk Quantification (Infographic)
Jul 19, 2022 2:21:15 PM / by Jeff B. Copeland posted in FAIR
“Cyber risk quantification” – it’s a term loosely applied to putting any kind of number on risk in cybersecurity. But there is a highly developed standard for quantitative analysis of cyber risk in the financial terms that support well-informed decision-making: Factor Analysis of Information Risk (FAIR™).
Jack Jones Rebuts ‘FAIR Fatigue’, an Article Filled with Misrepresentations of Factor Analysis of Information Risk (FAIR), the Standard for Risk Quantification
Jul 11, 2022 3:50:04 PM / by Jack Jones posted in FAIR
It’s not often that I’m surprised by someone’s actions on the Internet, but I’ll admit to being surprised today.
10 Reasons Why FAIR Is Winning
May 17, 2022 3:57:43 PM / by Nicola (Nick) Sanna posted in FAIR
Why did FAIR™ (Factor Analysis of Information Risk) emerge as the de facto number-one standard model for cyber, technology and operational risk analysis? No other risk model supports defensible quantitative analysis in the financial terms
FAIR vs. Proprietary Cyber Risk Analysis Models: What’s the Difference? Jack Jones Explains
Mar 9, 2022 10:38:13 AM / by Jeff B. Copeland posted in FAIR
A recent report by an industry research firm stated that, for quantitative cyber risk management, CISOs had to choose among Factor Analysis of Information Risk (FAIR™), proprietary models for risk analysis or a combination of the two.
4 Ways FAIR Cyber Risk Analysis Saves Money
Mar 2, 2022 5:13:31 PM / by Jeff B. Copeland posted in FAIR, Risk Management
By quantifying cyber risk in financial terms, Factor Analysis of Information Risk (FAIR™) brings a bottom-line focus to budgeting and spending decisions