Take notes on this webinar by Gregory Rothauser, lead information risk manager at Mass Mutual, the Fortune 100 insurance firm, if you’re looking for a case study on how to quickly and effectively implement FAIR quantitative risk analysis, especially if you’re subject to the New York Department of Financial Services rules mandating periodic, documented risk assessments.
Organizations with a mix of cutting-edge technologies and legacy systems need adaptable, agile frameworks that provide executives with a real-time view of cyber risks. They also need tools and processes to ensure that everyone from executives to practitioners practice sound, consistent risk management.
This is what a movement looks like. Membership in the FAIR Institute has now passed 3,000, about double the level of a year ago, as cyber risk quantification wins converts across industries
The FAIR Institute breakfast during the recent Gartner Security & Risk Management Summit was an opportunity for FAIR newbies to soak up advice from veteran practitioners.
OK, so Warren Buffet didn't really give information security advice. He gave investment advice. Risk management's objective, which I believe is the foundation of information security, is to make good investment decisions.
Omar Khawaja, the CISO at Highmark Health, is building one of the more ambitious programs to introduce FAIR we’ve heard of, in the complex risk environment of a company with insurance, hospital, retail eye care, and other health-related businesses.
New to FAIR quantitative analysis for cyber risk? I want to warn you about a newbie mistake I see that’s sure to make you waste time: Putting data collection ahead of scoping in a risk analysis.
Let’s talk DREAD (the mnemonic threat assessment framework, not the overwhelming feeling of despair associated with your reoccurring 4:30 p.m. Friday meeting). So, what is DREAD?
FAIR expert, Director of Technology Risk at Lending Club, and chair of the San Francisco Bay Area Chapter of the FAIR Institute, Tony Martin-Vegue is always at the cutting edge of thinking on cyber risk analysis.