The FAIR Institute community is a generous group when it comes to sharing techniques for success at risk analysis and risk management program building with FAIR cyber risk quantification – in the FAIR conferences, on the Institute blog, at local chapter meetings and in the new Slack channel for members.
We wear a lot of hats as we’re building and managing risk programs. Here’s a few of them...
When one hears about challenges in cyber risk quantifications, many topics such as reporting, data sourcing, budget, etc. may come to mind, but one of the most challenging aspects is scenario scoping
When I saw Jack Jones present on FAIR™ at an IANS Research Forum several years ago, it was like a light bulb went off in my head. I immediately ordered the FAIR book
As a graduate student exploring the emerging field of Behavioral Economics, or the science and art of judgment and decision-making, I have the unique opportunity to regularly draw from this study’s foundational concepts and directly apply them to communicate risk
“Don’t boil the ocean,” “manage expectations” and “baby steps” are common phrases that capture the mindset needed for consistent, sustained growth of a FAIR™ cyber risk quantification program. But every now and then it’s nice to get some quick wins to gain visibility and establish credibility within your organization.
After watching Prashanthi and Tony’s fireside chat at the 2021 FAIR Conference about getting a FAIR program started, I was struck by the simple and insightful themes that they kept repeating. Well, simple on paper, but not always easy to keep in mind when you’re in the thick of a FAIR rollout.
In an extensive white paper, Evan Wheeler, FAIR Institute Advisory Board Member and VP of Risk Management at Fintech firm NVDR, makes a strong case for the importance of data quality, integrity, and usability as core tenets of the data governance process
Ask a cyber risk professional about data governance practices, and they will likely tell you tales of classification schemes, access controls, and encryption … but we often overlook the importance of data quality, integrity, and usability that are core tenants of a robust data governance process.
In the first part of my blog post I focused on calculating the impact of a cybersecurity breach in relation to a company’s size and industry. In part two, I present an approach to better understand how often a company will experience security breaches.
