The FAIR Institute is excited to announce our second annual nomination in the 2020 Advisen Cyber Risk Awards for the category of "Cyber Risk Model of the Year."
You may think of FAIR™ quantitative cyber risk analysis as narrowly focused on the technical side of cybersecurity, but watch this short video of Christopher Porter, CISO at Fannie Mae and member of the FAIR Institute Advisory Board, to learn how FAIR enables CISOs to think more broadly.
In this short talk at the FAIR Institute Breakfast during the 2020 RSA Conference, Ascena Retail CISO Mark Tomallo shared a lot of knowledge about starting and winning with a FAIR™ program.
There are many reasons why cyber risk quantification utilizing the FAIR™ model has been adopted by 30% of the Fortune 1000.
If you were among the 700 RSA Conference attendees who sat in on one of the two half-day seminars introducing FAIR™, led by Jack Jones and Jack Freund (photo), co-authors of the FAIR book, you got a good look at the power of the FAIR model.
Cyber risk quantification has often been seen as difficult or impossible because of a perceived lack of data. Many organizations do not have sophisticated logging systems that give them clear hindsight into past cyber events.
One common objection to quantitative risk analysis is that it is harder or less efficient than its qualitative counterpart. While it is true that a quantitative analysis will always be more rigorous than the wet-finger-in-the-air approach, what I have found in becoming a quantitative risk analysis expert and training others for RiskLens is that these notions of difficulty or inefficiency often come from not following best practices.
Many FAIR program leaders start at a ground level and work their way up to a board presentation. Chris Golden started at the top, as he tells FAIR Institute Director Luke Bader in this podcast interview, demonstrating FAIR to the board for the green light on a risk quantification initiative.
In March 2019, I passed the ISACA CRISC exam and was certified the following month. The CRISC is a great certificate because it shifts your mindset and helps you establish standardized information risk management practices.
However, I decided not to stop there, but to search further for holistic and effective standards for cyber risk quantification.
Researchers at the Federal Reserve Bank of New York recently issued a study finding that interbank "wholesale" payments are so concentrated in the top five banks that if any one of them were disrupted by a cyber attack, the result could be a liquidity crisis in the banking system, a kind of cyber run on the banks.