FAIR Institute Blog

FAIR Breakfast Case Study: LPL Financial Realigns Risk Management around FAIR (Video)

[fa icon="calendar'] Jun 25, 2019 8:45:00 AM / by Jeff B. Copeland posted in FAIR, Case Studies

[fa icon="comment"] 0 Comments

At the FAIR Institute Breakfast meeting that ran parallel to the recent Gartner Security and Risk Management Summit, Matthew R. Martin, Senior Vice President Information Security and Technology, LPL Financial, gave a candid assessment of the challenges and opportunities in introducing FAIR to his organization.

Read More [fa icon="long-arrow-right"]

3 Tips on Evaluating Cyber Insurance with the FAIR Model

[fa icon="calendar'] Jun 19, 2019 1:40:41 PM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

In recent webinar co-hosted by the FAIR Institute and the Legal Services Information Sharing and Analysis Organization (LS-ISAO), Brooke Oppenheimer and Trish Carreiro, attorneys with Axinn, Veltrop, & Harkrider LLP, made the case that any organization looking to buy cyber insurance should first understand its cyber risk in financial terms through FAIR analysis. 

Read More [fa icon="long-arrow-right"]

Download 'Understanding Cyber Risk Quantification: The Buyer’s Guide' by Jack Jones

[fa icon="calendar'] Jun 17, 2019 3:00:00 PM / by Jeff B. Copeland posted in FAIR, White Paper

[fa icon="comment"] 0 Comments

From Jack Jones, Chairman of the FAIR Institute and creator of the FAIR model for cyber risk quantification (CRQ) — the definitive guide to understanding CRQ: What it is (and isn't), its value proposition and limitations, and facts regarding the misperceptions that are commonplace. 

Read More [fa icon="long-arrow-right"]

Take a Listen to this Webinar: Combining NIST-CSF and FAIR, Quantifying Risk to Drive Better Decision Making

[fa icon="calendar'] Jun 6, 2019 9:55:19 AM / by Luke Bader posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

From time to time, we come across some interesting FAIR related thoughts being shared by our partners. Last week, a fascinating webinar was hosted by Institute Technical Advisor, RiskLens

Read More [fa icon="long-arrow-right"]

The Economic Impact of ICS Vulnerabilities

[fa icon="calendar'] May 28, 2019 8:12:56 AM / by Denny Wan and Daniel Marsh posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Synopsis: The Common Vulnerability Scoring System (CVSS) is used throughout various industries for scoring vulnerabilities based on several metrics. These metrics focus on confidentiality, integrity and availability, the very well known CIA triad ingrained in the mentality of cybersecurity professionals and extends to maturity and environmental when and where the additional information is required.

Read More [fa icon="long-arrow-right"]

How to Start a FAIR Program? Start Small

[fa icon="calendar'] May 8, 2019 11:37:30 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

It’s an issue that comes up again and again at FAIR conferences, chapter meetings, webcasts or discussion boards: “I get the value of FAIR quantitative risk analysis – but I don’t know how or where I could start implementing it.”

Read More [fa icon="long-arrow-right"]

3 Remedies for Analysis Paralysis

[fa icon="calendar'] May 7, 2019 1:42:33 PM / by Teresa Suarez posted in FAIR

[fa icon="comment"] 0 Comments

I’ve observed an epidemic that is endemic to perfectionists and newer practitioners of quantitative cyber risk analysis: analysis paralysis. Here are some of the symptoms:

Read More [fa icon="long-arrow-right"]

Define Your Company’s Appetite for Risk with FAIR Analysis

[fa icon="calendar'] Apr 30, 2019 6:59:42 AM / by Rebecca Merritt posted in FAIR, Risk Management

[fa icon="comment"] 2 Comments

In basic terms, a company’s “risk appetite” is the level of risk the organization sees as acceptable.  Not surprisingly, some use the phrase “risk tolerance” interchangeably with “risk appetite” (there is an important difference: "tolerance" is how far off "appetite" the organization will go).

Read More [fa icon="long-arrow-right"]

3 Ways to Improve Identifying Your Cybersecurity Risks

[fa icon="calendar'] Apr 26, 2019 12:00:00 PM / by Christina Dulovich posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Risk register has become a dirty phrase. It is a catch-all for any concern that keeps an executive up at night. Items such as “insiders”, “the Cloud”, and “data loss” adorn risk registers in organizations across industries. FAIR trained or not, it does not take a risk expert to tell you those items are not actionable.

Read More [fa icon="long-arrow-right"]

All-in-One Matrix: Regulatory Compliance Risk Assessment Overview for FAIR Practitioners

[fa icon="calendar'] Apr 26, 2019 8:14:36 AM / by Steve Reznik posted in FAIR, Risk Management, White Paper

[fa icon="comment"] 0 Comments

Industry guidelines and standards often strongly recommend or even require a “risk assessment” to satisfy various regulatory and compliance requirements. However, not all assessments are created equal as one entity’s assessment of risk may be another’s control evaluation.

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts