"Expert judgment has always played a large role in science and engineering. Increasingly, expert judgment is recognized as just another type of scientific data …" -Goossens et al., “Application and Evaluation of an Expert Judgment Elicitation Procedure for Correlations”
Attendees at the FAIR Institute Breakfast during the recent Gartner Summit on Security and Risk Management heard tales of three successful FAIR cyber risk quantification programs from Matthew Martin of LPL Financial, Robert Immella of Key Bank and, lastly, Musso Shaikh, Program Manager, Cyber Threat Intelligence, at Fannie Mae, the big provider of mortgage financing.
To support the rapid pace of growth in new membership to the FAIR Institute - now at 6,000 members strong and anticipated to surpass 7,000 by year end - the FAIR Institute is growing its support capability and focus on enablement programs for all of its members worldwide.
New York Times reporters Stacy Cowley and Nicole Perlroth turned to FAIR Institute Chairman and RiskLens Chief Risk Scientist Jack Jones to answer the question, why are big banks in an Endless Fight with Hackers, as their article on the massive Capital One breach asks.
SMEs (that’s subject matter experts) own the systems, the applications, the processes and the business units in your organization—and own the data and insights you need to feed your cyber risk analytics.
Just published on Healthcare Innovation, Where Cybersecurity and Business Align: One CISO’s High-Level Perspective, profiles CISO Omar Khawaja’s success at introducing FAIR to Highmark Health, a leading healthcare delivery and insurance organization.
Expert elicitation is simple to define, but difficult to effectively use given its complexities. Most of us already use some form of expert elicitation while performing a risk analysis whenever we ask someone their opinion on a particular data point. The importance of using a structured methodology for collecting and aggregating expert opinion is understated in risk analysis
As a FAIR consultant, I have seen many organizations go through the transformation from qualitative to quantitative risk management. Often what I have found is that the transition from a world of no numbers (or very few numbers) to the quantitative risk world of numbers galore can be a little daunting.
Cyber insurance is an important element in the cyber risk management program, to enable the transfer of residual risks. As a result, insurance is often seen as the “doing nothing” option which represents a “moral hazard” to the insurer. This is far from the truth as policyholders must manage the non-insurable residual risks themselves
At the FAIR Institute Breakfast during the recent Gartner Security and Risk Management Summit, Robert Immella FAIR cyber risk analyst for Key Bank, gave a talk filled with actionable tips
