Factor Analysis of Information Risk (FAIR™) quantifies cyber and technology risk in financial terms and lifts communication about cyber risk up from technical “maturity” ratings or subjective red-yellow-green rankings to the financial language that business leadership can understand.
Judging by the most popular new blog posts published in 2021, FAIR Institute members are interested in the frontiers of thought on risk but also the day-to-day techniques and habits for steady improvement of risk analysis and management. Here are the eight biggest attention-getters
The Apache Log4j security vulnerability uncovered recently is every cybersecurity defender’s nightmare - a zero-day exploited in a practically ubiquitous software library. Because zero-day exploits aren’t going away anytime soon, it’s important for organizations to increase their resilience to this type of change in the risk landscape.
Tony Martin-Vegue, San Francisco Chapter Co-Chair, member of the quant risk team at Netflix, and one of the best FAIR™ educators we know, leads a webinar designed to answer the two most common questions from beginners at Factor Analysis of Information Risk:
Krebs On Security, the website of security researcher Brian Krebs…banks and post offices in New Zealand…Internet infrastructure provider Cloudflare…Russian Internet search company Yandex – all slammed in recent weeks
I previously wrote a blog post, My Risk Problem and How I Solved It, about how the lightbulb finally went on after learning FAIR™ - I realized that you can’t build a risk management program with just inherent and residual risk.
Women at any stage of a career in cyber risk, and especially young women considering the career, will find in this webinar many helpful tips on successfully navigating a male-dominated profession
In a recent webinar “Ransomware, Colonial Pipeline: A FAIR Perspective” RiskLens expert Cary Wise and Mike Radigan, a cyber risk management executive for a Fortune 100 company
Here’s a step-by-step look at how an experienced FAIR™ analyst starts with nebulous concerns that may fill your risk register now – items like Privileged Access Management, The Cloud, Data Breach – and shapes them into risk statements to set up a FAIR analysis.