We often talk about the “FAIR™ journey” up from qualitative, compliance-oriented, or other less disciplined forms of cyber risk management to Factor Analysis of Information Risk.
Jack Whitsitt has been a FAIR practitioner since 2016, built the quantitative risk analysis program at Bank of America and is now doing the same at Datto (the services provider to MSPs)
Factor Analysis of Information Risk (FAIR™) defines “risk” in a way that’s both simple and useful.
Risk = the probable frequency and probable magnitude of future loss
FAIR Evangelists - Here's a short handy, persuasive explainer about the FAIR™ standard for cyber risk quantification that you can download in pdf form, suitable as a leave-behind after meeting with a small group or for circulating throughout your organization.
The Australian Prudential Regulation Authority (APRA), the licensing authority for banks, employer-sponsored retirement (“superannuation”) funds, financial services and insurance companies, is placing responsibility for cybersecurity squarely on board members
What the Texas Utility Disaster Says about Risk Management – with ‘Gray Rhino’ Author Michele Wucker
It’s a risk analyst’s nightmare: An extremely low-frequency event with extremely high magnitude impact. That’s what the state of Texas has been living through
Are your risk analyses suffering from scope creep, uncooperative SMEs, unbelievable results? Or are you just looking to make your well-oiled quantitative risk analysis process run even more smoothly?
Únase a nosotros para la presentación del seminario web de casos de uso, organizada por el Instituto FAIR en español, para aprender sobre el uso de FAIR para la implementación de un nuevo sistema de TI en Ascena Retail Group
As a FAIR consultant, I have seen many organizations go through the transformation from qualitative to quantitative risk management.
Critical Thinking – it’s always promoted as a core skill needed for any Factor Analysis of Information Risk (FAIR™) practitioner. Rightly so.
