Whether it is difficulty with data gathering, calibrating estimates, or presenting results, problems that come up in FAIR analysis tend to stem from the same source: a lack of a clearly defined risk scenario statement.
The foundation of any good risk analysis is the rationale -- the documentation of the thought process driving the ranges you selected for analysis with the FAIR model.
Microsoft Learn, the software giant’s educational site for developers, architects and IT administrators, now highlights FAIR™ (Factor Analysis of Information Risk) in its tutorials on cloud security.
All summer, we are reading and discussing the FAIR™ book, Measuring and Managing Information Risk by Jack Freund and Jack Jones, the authoritative text on quantitative cyber risk analysis and risk management, with a new discussion guide every two weeks to help FAIR summer book clubs spark conversation.
With the first flight of an American spacecraft carrying NASA astronauts launched from US soil since 2011, a FAIR Institute Member sent us a note pointing out that the NASA Risk Management Handbook shares a lot of the spirit of FAIR™.
It’s a common misconception about quantitative risk analysis that not “enough” data or“bad” data means bad calibration. That’s not true in a couple of ways. First, one always has “enough” data to conduct an analysis and second, with calibrated estimation, we’re not dependent on the amount of data we bring to the table.
>>DHS/OMB mean well in pushing for a risk-based approach to cybersecurity in the Federal Government, but their requirements fall short of helping agencies effectively prioritize and right-size their cybersecurity investments
RSA has posted on YouTube many of the videos of the presentations at the 2020 RSA Conference, including several by FAIR™ advocates and experts that, if you missed them the first time around, are well worth a watch.
With the ongoing big move to cloud storage to support working from home, it seems inevitable that we’re going to see more data breaches on Amazon S3 “buckets”, an evergreen cybersecurity problem. It happened again a week ago
Here’s a timely topic, with an army of office workers moved over to working at home due to the pandemic. In this short webinar (watch it below), Risk Consultant Christina Dulovich walks you through a FAIR™ analysis