Cyber Risk Quantification (CRQ) is a process that helps organizations to measure and manage their information security risks in monetary values to determine which risks to focus on first, where to allocate cybersecurity resources and to understand how cyber risk specifically affects potential revenue, profit, and other measures of financial success.
Launching Your Cyber-Risk Quantification Journey with Confidence
[fa icon="calendar'] Apr 19, 2023 7:15:00 AM / by Jack Whitsitt posted in Member Content
Create a Forward-Looking Risk Register to Anticipate Supply Chain Attacks - Part 2 of 'Modeling the Vulnerability du Jour'
[fa icon="calendar'] Apr 6, 2023 10:08:43 AM / by Tony Martin-Vegue posted in Risk Management, Member Content
With supply-chain attacks very much in the news – see the Apache Log4j vulnerability or the 3CX VoIP software compromise – we’re bringing back into view this post by FAIR thought leader Tony Martin-Vegue on how to leverage a risk register to prepare for emerging risks.
5 Tips and Insights from FAIR Institute Members in 2022
[fa icon="calendar'] Feb 2, 2023 7:00:00 AM / by Luke Bader posted in Member Content
The FAIR Institute community is a generous group when it comes to sharing techniques for success at risk analysis and risk management program building with FAIR cyber risk quantification – in the FAIR conferences, on the Institute blog, at local chapter meetings and in the new Slack channel for members.
Leveraging the Human Element for a Successful FAIR Risk Management Program, Part 1
[fa icon="calendar'] Jan 26, 2023 11:11:19 AM / by Zach Cossairt posted in Member Content
We wear a lot of hats as we’re building and managing risk programs. Here’s a few of them...
Identifying the Right Risk Scenarios to Measure with FAIR
[fa icon="calendar'] Jun 28, 2022 9:30:00 AM / by Raksha Shenoy posted in Member Content
When one hears about challenges in cyber risk quantifications, many topics such as reporting, data sourcing, budget, etc. may come to mind, but one of the most challenging aspects is scenario scoping
Analyzing Privacy Risk Using FAIR
[fa icon="calendar'] Apr 5, 2022 6:08:00 PM / by R. Jason Cronk posted in Risk Management, Member Content
When I saw Jack Jones present on FAIR™ at an IANS Research Forum several years ago, it was like a light bulb went off in my head. I immediately ordered the FAIR book
Human Nature in Our FAIR Risk Programs: Work With It, Not Against It
[fa icon="calendar'] Feb 8, 2022 12:05:47 PM / by Zach Cossairt posted in Member Content
As a graduate student exploring the emerging field of Behavioral Economics, or the science and art of judgment and decision-making, I have the unique opportunity to regularly draw from this study’s foundational concepts and directly apply them to communicate risk
3 Quick Steps for FAIR Program Maturity
[fa icon="calendar'] Jan 27, 2022 9:00:00 AM / by Caleb Juhnke posted in Member Content
“Don’t boil the ocean,” “manage expectations” and “baby steps” are common phrases that capture the mindset needed for consistent, sustained growth of a FAIR™ cyber risk quantification program. But every now and then it’s nice to get some quick wins to gain visibility and establish credibility within your organization.
4 Questions and 4 Action Steps to Get a FAIR Program Off the Ground
[fa icon="calendar'] Nov 10, 2021 8:30:37 AM / by Evan Wheeler posted in Member Content, FAIR Conference 2021
After watching Prashanthi and Tony’s fireside chat at the 2021 FAIR Conference about getting a FAIR program started, I was struck by the simple and insightful themes that they kept repeating. Well, simple on paper, but not always easy to keep in mind when you’re in the thick of a FAIR rollout.
White Paper: Data Governance Practices for Cyber Risk Management
[fa icon="calendar'] Sep 8, 2021 3:13:33 PM / by Jeff B. Copeland posted in Member Content
In an extensive white paper, Evan Wheeler, FAIR Institute Advisory Board Member and VP of Risk Management at Fintech firm NVDR, makes a strong case for the importance of data quality, integrity, and usability as core tenets of the data governance process