Risk management is undergoing major changes in process and technology, Gartner Research Director Khushbu Pratap told the 2020 FAIR Conference, and risk and security leaders need to recognize and get out ahead of the key drivers at work.
You’re probably using the NIST CSF, the most popular cybersecurity framework, as a checklist of best practices, but it could do a lot more for your organization.
It’s a common question: How to introduce quantitative risk analysis with FAIR™ (Factor Analysis of Information Risk) to an organization that’s traditionally run on a controls checklist/maturity model approach to cybersecurity risk management?
Government cyber risk professionals: This session at the 2020 FAIR Conference was packed with practical advice – you’ll want to listen carefully to the video but also download the slides.
For a fresh take on getting the most out of your risk analysts and subject matter experts (SMEs), watch the video of Douglas Hubbard’s session at the 2020 FAIR Conference.
James Lam, world authority on enterprise risk management and former chair of the risk oversight committee for the board of E*TRADE, has been setting a goal in FAIR Conference sessions since 2018 that cyber risk management must pull itself up to the level of enterprise risk management.
The federal Office of the Comptroller of the Currency (OCC) is serious about policing risk management at federally regulated banks and savings and loans – just in the last few weeks, it fined USAA Federal Savings Bank, Citigroup and Morgan Stanley a collective $545 million for risk management failures.
Get your reporting in line with board thinking – that was the overall message for CISOs from the roundtable discussion at the recent 2020 FAIR Conference, “Helping the Board Exercise Proper Cyber Risk Oversight”.
Three experienced FAIR™ CISOs (and one CIRO) got down to cases on how they introduced FAIR analysis and won acceptance for cyber risk quantification.
The U.S. Securities and Exchange Commission keeps raising the bar for public companies on what it expects for disclosure of cyber risk.