In this second in a series of interviews with attendees at last year’s FAIR Conference, we asked three FAIR Institute members for quick notes on their experiences getting started with, and proving the value of, cyber risk quantification.
How do you quantify the loss of all an organization’s data? Or loss of all availability? Or loss of data integrity that might lead to lives endangered?
In this video from the 2018 FAIR Conference, Steve Reznik, Director, Operational Risk Management and Marta Palanques, Director, Enterprise Risk Management at ADP, one of the most advanced quantitative cyber risk management shops, show how to identify and track key risk indicators (KRIs) over time to judge the real success of your inforisk management efforts.
With so much confusion in the marketplace about how much and what kind of cyber insurance to buy, experts from Marsh, AON, and more leading companies in the insurance space came together to form the FAIR Institute’s Cyber Insurance Workgroup to think through how the discipline of quantitative risk analytics could help clear the fog.
You’re sold on FAIR and quantitative risk analytics but until you bring your organization around, you’re just an army of one. In this panel discussion at the 2018 FAIR Conference, four successful FAIR intrapreneurs give some tips on how they built support, starting at the team level, and working their way up to the board of directors.
"Case Study: Reporting to the Board: What Got You Here, Won't Get You There," a presentation by Omar Khawaja, CISO at Highmark Health, at the recent 2018 FAIR Conference at Carnegie Mellon University, was a master class in communicating risk to the board and the business. Omar was this year’s winner of the FAIR Institute’s Business Innovator Award for his ambitious and creative introduction of FAIR to Highmark.
You’re the CISO of a Fortune 1000 company and the VP of sales comes to you with the typical ransomware lock on a laptop screen. The VP says there’s a $10 million sale that can’t be closed because all the deal data is sitting on the local laptop, not the network. The VP wants the company to pay the 3,000-bitcoin ransom. What’s your recommendation?
How do you move your organization off an opinion-based approach to risk management and on to fact-based discussions, with quantitative risk analysis as the starting point?
Walmart is a FAIR champion in infosec (Joel Baese, Director, Governance and Decision Science, Information Security, has been a FAIRCON honoree and panelist), but the retailing giant is also pioneering quantitative risk analytics on the physical security side, as Christina Nelson, Director, GISAT Risk and Strategy, told the 2018 FAIR Conference.