FAIR Institute Blog

3 Quick Steps for FAIR Program Maturity

[fa icon="calendar'] Jan 27, 2022 9:00:00 AM / by Caleb Juhnke posted in Member Content

[fa icon="comment"] 0 Comments

“Don’t boil the ocean,” “manage expectations” and “baby steps” are common phrases that capture the mindset needed for consistent, sustained growth of a FAIR™ cyber risk quantification program. But every now and then it’s nice to get some quick wins to gain visibility and establish credibility within your organization.

Read More [fa icon="long-arrow-right"]

4 Questions and 4 Action Steps to Get a FAIR Program Off the Ground

[fa icon="calendar'] Nov 10, 2021 8:30:37 AM / by Evan Wheeler posted in Member Content, FAIR Conference 2021

[fa icon="comment"] 0 Comments

After watching Prashanthi and Tony’s fireside chat at the 2021 FAIR Conference about getting a FAIR program started, I was struck by the simple and insightful themes that they kept repeating.  Well, simple on paper, but not always easy to keep in mind when you’re in the thick of a FAIR rollout. 

Read More [fa icon="long-arrow-right"]

White Paper: Data Governance Practices for Cyber Risk Management

[fa icon="calendar'] Sep 8, 2021 3:13:33 PM / by Jeff B. Copeland posted in Member Content

[fa icon="comment"] 0 Comments

In an extensive white paper, Evan Wheeler, FAIR Institute Advisory Board Member and VP of Risk Management at Fintech firm NVDR, makes a strong case for the importance of data quality, integrity, and usability as core tenets of the data governance process

Read More [fa icon="long-arrow-right"]

Why Risk Teams Should Be Champions for Data Governance in Fintech Firms

[fa icon="calendar'] Jul 28, 2021 12:26:09 PM / by Evan Wheeler posted in Member Content

[fa icon="comment"] 0 Comments

Ask a cyber risk professional about data governance practices, and they will likely tell you tales of classification schemes, access controls, and encryption … but we often overlook the importance of data quality, integrity, and usability that are core tenants of a robust data governance process. 

Read More [fa icon="long-arrow-right"]

Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 2)

[fa icon="calendar'] Jun 16, 2021 3:17:49 PM / by Gideon Knocke posted in Member Content

[fa icon="comment"] 0 Comments

In the first part of my blog post I focused on calculating the impact of a cybersecurity breach in relation to a company’s size and industry. In part two, I present an approach to better understand how often a company will experience security breaches.

Read More [fa icon="long-arrow-right"]

“What They Didn’t Teach You in FAIR School” – Ground-level Insights on Building a Successful Quantitative Risk Analysis Program from Jack Whitsitt

[fa icon="calendar'] Jun 3, 2021 8:30:00 AM / by Jeff B. Copeland posted in FAIR, Member Content

[fa icon="comment"] 0 Comments

Jack Whitsitt has been a FAIR practitioner since 2016, built the quantitative risk analysis program at Bank of America and is now doing the same at Datto (the services provider to MSPs)

Read More [fa icon="long-arrow-right"]

Hacking the COVID Cold Chain: A Health Care Sector Example of FAIR

[fa icon="calendar'] Apr 26, 2021 4:06:32 PM / by Colin Connor and Itzik Kotler posted in Risk Management, Member Content

[fa icon="comment"] 1 Comment

In September, 2020, our IBM X-Force IRIS security analysis group began tracking strange phishing attacks targeting suppliers of HVAC equipment and services.

Read More [fa icon="long-arrow-right"]

Risk Analysis and Worst-Case Thinking

[fa icon="calendar'] Apr 22, 2021 8:08:35 AM / by Osama Salah posted in Member Content

[fa icon="comment"] 2 Comments

The generally accepted model for risk is that it is a function of frequency (some refer to it as probability or likelihood, i.e., how often the loss event will probably occur in a given time frame) and magnitude (how bad the event will probably be, consequences).

Read More [fa icon="long-arrow-right"]

Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 1)

[fa icon="calendar'] Apr 21, 2021 10:11:36 AM / by Gideon Knocke posted in Member Content

[fa icon="comment"] 4 Comments

Quantifying risk scenarios using quantitative analyses helps understanding the exposure to specific risks, however, building a portfolio of quantified risks to understand and manage a company’s risk landscape comes with additional challenges.

Read More [fa icon="long-arrow-right"]

Create a Forward-Looking Risk Register - Part 2 of Tony Martin-Vegue's 'Modeling the Vulnerability du Jour'

[fa icon="calendar'] Apr 14, 2021 12:53:20 PM / by Tony Martin-Vegue posted in Risk Management, Member Content

[fa icon="comment"] 1 Comment

Strange, unusual, media-worthy vulnerabilities and cyberattacks… they seem to pop up every few months or so and send us risk managers into a fire drill. The inevitable questions follow:

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts