Cybersecurity is no longer strictly an IT issue or even a risk management issue, it’s a strategic issue that runs across the enterprise, and boards need to oversee it accordingly.
In this video from the 2020 FAIR Conference, Harold Marcenaro, Head of Non-Financial Risk at BCP, Peru’s largest bank, tells how his risk management team supported a wider “digital transformation” initiative
As Netflix Sr. Information Security Risk Engineer Tony Martin-Vegue sees it, risk analysts typically get involved with business decision-making too late and with too little to offer for decision support.
If a common objection to quantitative cyber risk analysis is that it takes too much time for decision-support at the speed of business, the answer is triage with FAIR™
Sarina Hothi first heard about FAIR™ (Factor Analysis of Information Risk) at her job interview at DoorDash, the fast-growing, fast-moving food delivery service. She was so impressed, she went home and started studying the FAIR book.
You know your FAIR™ quantitative risk management program has hit its stride when business management turns to your team for quick, routine decision support.
Risk management is undergoing major changes in process and technology, Gartner Research Director Khushbu Pratap told the 2020 FAIR Conference, and risk and security leaders need to recognize and get out ahead of the key drivers at work.
You’re probably using the NIST CSF, the most popular cybersecurity framework, as a checklist of best practices but it could do a lot more for your organization.
It’s a common question: How to introduce quantitative risk analysis with FAIR™ (Factor Analysis of Information Risk) to an organization that’s traditionally run on a controls checklist/maturity model approach to cybersecurity risk management?
Government cyber risk professionals: This session at the 2020 FAIR Conference was packed with practical advice – you’ll want to listen carefully to the video but also download the slides