Where are you at on your FAIR™ journey? Everyone has to start somewhere and often starting is the hardest part. Maybe you are FAIR trained and trying to figure out how to take the first step, maybe you use qualitative methods and still want to improve your program
To judge from the most-read topics of the year, FAIR Institute blog readers were focused on keeping up with the risk quantification movement and learning all they could about FAIR™ best practices. Leading off the list were the two big events of the year, the 2019 FAIR Conference and the addition of FAIR to the NIST CSF
One of the breakthroughs of cyber risk quantification through FAIR™ is to finally place cyber on a par with the other risks that roll up into enterprise risk management (ERM) instead of remaining in its own special silo. But to get to that place takes an effort at communication and coordination and even some org chart changes
FAIR™ can support every stage of a risk management program, as Greg Rothauser, Enterprise Business Information Information Security Officer (BISO) for MassMutual, told a session at the 2019 FAIR Conference – starting with the widely used wheel from NIST 800-39: Frame / Assess / Respond / Monitor.
For ground-level, hands-on, advice on starting a FAIR™ quantitative risk management program, the Use Case Panorama session at the recent 2019 FAIR Conference was the place to be.
Brandon Myers works IT security for Mastercard but also mission security for the Air Force as a member of the Reserve. We caught up with him at the 2019 FAIR Conference where he had just completed FAIR training (he rated it “amazing”). Brandon had an interesting psychological take on the value of FAIR:
Don’t think of cybersecurity standards and frameworks as checklists – think of them as recipes with plenty of room for “season to taste.” That was the message coming out of a panel discussion at the 2019 FAIR Conference on the topic “Building a Cybersecurity Program with a Risk Management Framework & FAIR,”
Led by FAIR model creator Jack Jones, the panel discussion “CISO Panel: Defining the Goals of an Effective Risk Management Program” at the recent 2019 FAIR Conference, covered a lot of ground. Four chief information security officers - speaking from hands-on experience - discussed everything from building a FAIR program, to briefing the board
Daniel Davis, Security Analyst at Lyft in San Francisco, came to FAIR from an unusual, non-IT perspective – safety engineering. He first came to Lyft to work on safety for autonomous cars. “The way that FAIR defines risk as threat, asset and impact…is very similar to the way that safety engineering has treated hazards for years,” he says.
If you’re not in government IT, particularly state and local government, you may not have heard of Tyler Technologies, but it’s the largest software company in the nation solely focused on providing integrated software and technology services to the public sector. The company offers a huge range of software as a service applications
