FAIR Institute Blog

Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 2)

Jun 16, 2021 3:17:49 PM / by Gideon Knocke posted in Member Content

In the first part of my blog post I focused on calculating the impact of a cybersecurity breach in relation to a company’s size and industry. In part two, I present an approach to better understand how often a company will experience security breaches.

“What They Didn’t Teach You in FAIR School” – Ground-level Insights on Building a Successful Quantitative Risk Analysis Program from Jack Whitsitt

Jun 3, 2021 8:30:00 AM / by Jeff B. Copeland posted in FAIR, Member Content

Jack Whitsitt has been a FAIR practitioner since 2016, built the quantitative risk analysis program at Bank of America and is now doing the same at Datto (the services provider to MSPs)

Hacking the COVID Cold Chain: A Health Care Sector Example of FAIR

Apr 26, 2021 4:06:32 PM / by Colin Connor and Itzik Kotler posted in Risk Management, Member Content

In September, 2020, our IBM X-Force IRIS security analysis group began tracking strange phishing attacks targeting suppliers of HVAC equipment and services.

Risk Analysis and Worst-Case Thinking

Apr 22, 2021 8:08:35 AM / by Osama Salah posted in Member Content

The generally accepted model for risk is that it is a function of frequency (some refer to it as probability or likelihood, i.e., how often the loss event will probably occur in a given time frame) and magnitude (how bad the event will probably be, consequences).

Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 1)

Apr 21, 2021 10:11:36 AM / by Gideon Knocke posted in Member Content

Quantifying risk scenarios using quantitative analyses helps in understanding the exposure to specific risks; however, building a portfolio of quantified risks to understand and manage a company’s risk landscape comes with additional challenges.

Create a Forward-Looking Risk Register - Part 2 of Tony Martin-Vegue's 'Modeling the Vulnerability du Jour'

Apr 14, 2021 12:53:20 PM / by Tony Martin-Vegue posted in Risk Management, Member Content

Strange, unusual, media-worthy vulnerabilities and cyberattacks… they seem to pop up every few months or so and send us risk managers into a fire drill. The inevitable questions follow:

“Un-FAIR” Attestations: Applying FAIR to Third-Party Risk Management

Mar 31, 2021 8:07:00 AM / by Donna Gallaher posted in Member Content

The recent SolarWinds and Microsoft security issues remind us of the importance of Third-Party Risk Management (“TPRM”).  If your organization is using a one-scorecard-fits-all approach to TPRM, you may be wasting resources

Meltdown, Spectre, Heartbleed - Risk Modeling the Vulnerability du Jour, Part 1: Framing

Mar 30, 2021 2:23:57 PM / by Tony Martin-Vegue posted in Member Content

Every few months or so, we hear about a widespread vulnerability or cyber attack that makes its way to mainstream news. Some get snappy nicknames and their very own logos

Cybersecurity Risk, Fiduciary Liability and How to Manage Them from a Board’s Perspective

Mar 9, 2021 2:40:00 PM / by Robert R. Patterson posted in Member Content

In this blog post, I will share my thoughts on why cyber risk is considered a board level fiduciary responsibility, the need for a globally sourced set of board level cybersecurity best practices

What to Do After You Pitch Quantitative Risk Analysis

Feb 24, 2021 3:08:00 PM / by Caleb Juhnke posted in Member Content

I wear my ‘FAIR™ evangelist’ badge proudly. I have had the opportunity to present quantitative risk analysis to a variety of audiences
