FAIR Institute Blog

The Economic Impact of ICS Vulnerabilities

[fa icon="calendar'] May 28, 2019 8:12:56 AM / by Denny Wan and Daniel Marsh posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Synopsis: The Common Vulnerability Scoring System (CVSS) is used throughout various industries for scoring vulnerabilities based on several metrics. These metrics focus on confidentiality, integrity and availability, the very well known CIA triad ingrained in the mentality of cybersecurity professionals and extends to maturity and environmental when and where the additional information is required.

Read More [fa icon="long-arrow-right"]

How to Start a FAIR Program? Start Small

[fa icon="calendar'] May 8, 2019 11:37:30 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

It’s an issue that comes up again and again at FAIR conferences, chapter meetings, webcasts or discussion boards: “I get the value of FAIR quantitative risk analysis – but I don’t know how or where I could start implementing it.”

Read More [fa icon="long-arrow-right"]

3 Remedies for Analysis Paralysis

[fa icon="calendar'] May 7, 2019 1:42:33 PM / by Teresa Suarez posted in FAIR

[fa icon="comment"] 0 Comments

I’ve observed an epidemic that is endemic to perfectionists and newer practitioners of quantitative cyber risk analysis: analysis paralysis. Here are some of the symptoms:

Read More [fa icon="long-arrow-right"]

Define Your Company’s Appetite for Risk with FAIR Analysis

[fa icon="calendar'] Apr 30, 2019 6:59:42 AM / by Rebecca Merritt posted in FAIR, Risk Management

[fa icon="comment"] 2 Comments

In basic terms, a company’s “risk appetite” is the level of risk the organization sees as acceptable.  Not surprisingly, some use the phrase “risk tolerance” interchangeably with “risk appetite” (there is an important difference: "tolerance" is how far off "appetite" the organization will go).

Read More [fa icon="long-arrow-right"]

3 Ways to Improve Identifying Your Cybersecurity Risks

[fa icon="calendar'] Apr 26, 2019 12:00:00 PM / by Christina Dulovich posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Risk register has become a dirty phrase. It is a catch-all for any concern that keeps an executive up at night. Items such as “insiders”, “the Cloud”, and “data loss” adorn risk registers in organizations across industries. FAIR trained or not, it does not take a risk expert to tell you those items are not actionable.

Read More [fa icon="long-arrow-right"]

All-in-One Matrix: Regulatory Compliance Risk Assessment Overview for FAIR Practitioners

[fa icon="calendar'] Apr 26, 2019 8:14:36 AM / by Steve Reznik posted in FAIR, Risk Management, White Paper

[fa icon="comment"] 0 Comments

Industry guidelines and standards often strongly recommend or even require a “risk assessment” to satisfy various regulatory and compliance requirements. However, not all assessments are created equal as one entity’s assessment of risk may be another’s control evaluation.

Read More [fa icon="long-arrow-right"]

Vote Today: FAIR Nominated “Cyber Risk Model of the Year”

[fa icon="calendar'] Apr 17, 2019 12:27:44 PM / by Luke Bader posted in FAIR

[fa icon="comment"] 0 Comments

The FAIR Institute is excited to announce our nomination in the 2019 Advisen Cyber Risk Awards for the brand-new category of "Cyber Risk Model of the Year."

Read More [fa icon="long-arrow-right"]

Meet a Member Podcast: Jim Robert, Fidelity Investments, FAIR Institute New England Co-Chair

[fa icon="calendar'] Mar 27, 2019 8:40:00 AM / by Jeff B. Copeland posted in FAIR, Meet a Member

[fa icon="comment"] 1 Comment

New England FAIR Chapter Co-Chair, and Vice President for Enterprise Cybersecurity at Fidelity Investments, the giant ($7.4 trillion in customer assets) mutual fund company, Jim Robert has been a FAIR practitioner for three years.

Read More [fa icon="long-arrow-right"]

Cure Your Risk Analysis Paralysis: Balance Accuracy and Precision

[fa icon="calendar'] Mar 26, 2019 8:30:00 AM / by Rachel Slabotsky posted in FAIR

[fa icon="comment"] 0 Comments

I’ve heard critics of quantitative risk analysis challenge the approach, stating that it is “too difficult”, “time consuming” or that their organization is “simply not mature enough for quantification.” In my experience, a majority of such arguments can be addressed by revisiting a few fundamental FAIR concepts.

Read More [fa icon="long-arrow-right"]

[Video] From the FAIR Breakfast at RSAC, 3 Tips on Introducing FAIR to Your Organization

[fa icon="calendar'] Mar 18, 2019 8:35:17 AM / by Jeff B. Copeland posted in FAIR, Events, Fair Institute

[fa icon="comment"] 0 Comments

The FAIR Institute hosted its annual FAIR Breakfast in San Francisco in conjunction with the RSA Conference, featuring a panel of experienced FAIR practitioners.  Scroll down the page for the videos – watch for a wealth of tips on starting and running a quantitative risk analysis program.

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts