We often talk about the “FAIR™ journey” up from qualitative, compliance-oriented, or other less disciplined forms of cyber risk management to Factor Analysis of Information Risk.
Considering FAIR? Listen to this CISO’s Journey to Quantification
[fa icon="calendar'] Jun 9, 2021 3:17:58 PM / by Jeff B. Copeland posted in FAIR
“What They Didn’t Teach You in FAIR School” – Ground-level Insights on Building a Successful Quantitative Risk Analysis Program from Jack Whitsitt
[fa icon="calendar'] Jun 3, 2021 8:30:00 AM / by Jeff B. Copeland posted in FAIR, Member Content
Jack Whitsitt has been a FAIR practitioner since 2016, built the quantitative risk analysis program at Bank of America and is now doing the same at Datto (the services provider to MSPs)
FAIR Risk Basics: What Is Loss Magnitude?
[fa icon="calendar'] Apr 15, 2021 4:11:25 PM / by Jeff B. Copeland posted in FAIR
Factor Analysis of Information Risk (FAIR™) defines “risk” in a way that’s both simple and useful.
Risk = the probable frequency and probable magnitude of future loss
Download a 4-Point Primer on FAIR to Share with Your Organization
[fa icon="calendar'] Mar 31, 2021 10:29:00 AM / by Luke Bader posted in FAIR
FAIR Evangelists - Here's a short handy, persuasive explainer about the FAIR™ standard for cyber risk quantification that you can download in pdf form, suitable as a leave-behind after meeting with a small group or for circulating throughout your organization.
Australia Holding Board Members Responsible for Cyber Risk Exposure – Sydney Chapter Co-Chair Denny Wan Explains How to Comply with FAIR
[fa icon="calendar'] Mar 24, 2021 7:42:00 AM / by Jeff B. Copeland posted in FAIR
The Australian Prudential Regulation Authority (APRA), the licensing authority for banks, employer-sponsored retirement (“superannuation”) funds, financial services and insurance companies, is placing responsibility for cybersecurity squarely on board members
What the Texas Utility Disaster Says about Risk Management – with ‘Gray Rhino’ Author Michele Wucker
[fa icon="calendar'] Feb 24, 2021 11:31:49 AM / by Jeff B. Copeland posted in FAIR
It’s a risk analyst’s nightmare: An extremely low-frequency event with extremely high magnitude impact. That’s what the state of Texas has been living through
9 Bits of Advice from FAIR Experts for Faster, Better Cyber Risk Analysis
[fa icon="calendar'] Feb 4, 2021 9:51:45 AM / by Jeff B. Copeland posted in FAIR
Are your risk analyses suffering from scope creep, uncooperative SMEs, unbelievable results? Or are you just looking to make your well-oiled quantitative risk analysis process run even more smoothly?
En español: seminario web de caso de uso de la metodología FAIR (use case webinar in Spanish)
[fa icon="calendar'] Jan 27, 2021 12:39:00 PM / by Luke Bader posted in FAIR
Únase a nosotros para la presentación del seminario web de casos de uso, organizada por el Instituto FAIR en español, para aprender sobre el uso de FAIR para la implementación de un nuevo sistema de TI en Ascena Retail Group
FAIR Beginner's Guide: What Do the Numbers Mean?
[fa icon="calendar'] Jan 14, 2021 5:20:00 PM / by Taylor Maze posted in FAIR
As a FAIR consultant, I have seen many organizations go through the transformation from qualitative to quantitative risk management.
Common Sense: The Underrated Skill in FAIR Analysis
[fa icon="calendar'] Jan 13, 2021 8:26:00 AM / by Teresa Suarez posted in FAIR
Critical Thinking – it’s always promoted as a core skill needed for any Factor Analysis of Information Risk (FAIR™) practitioner. Rightly so.