FAIR Institute Blog

Risk Analysis and Worst-Case Thinking

Apr 22, 2021 8:08:35 AM / by Osama Salah posted in Member Content

2 Comments

The generally accepted model for risk is that it is a function of frequency (some refer to it as probability or likelihood, i.e., how often the loss event will probably occur in a given time frame) and magnitude (how bad the event will probably be, consequences).


Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 1)

Apr 21, 2021 10:11:36 AM / by Gideon Knocke posted in Member Content

4 Comments

Quantifying risk scenarios using quantitative analyses helps in understanding the exposure to specific risks; however, building a portfolio of quantified risks to understand and manage a company’s risk landscape comes with additional challenges.


Create a Forward-Looking Risk Register - Part 2 of Tony Martin-Vegue's 'Modeling the Vulnerability du Jour'

Apr 14, 2021 12:53:20 PM / by Tony Martin-Vegue posted in Risk Management, Member Content

0 Comments

Strange, unusual, media-worthy vulnerabilities and cyberattacks… they seem to pop up every few months or so and send us risk managers into a fire drill. The inevitable questions follow:


“Un-FAIR” Attestations: Applying FAIR to Third-Party Risk Management

Mar 31, 2021 8:07:00 AM / by Donna Gallaher posted in Member Content

0 Comments

The recent SolarWinds and Microsoft security issues remind us of the importance of Third-Party Risk Management (“TPRM”). If your organization is using a one-scorecard-fits-all approach to TPRM, you may be wasting resources


Meltdown, Spectre, Heartbleed - Risk Modeling the Vulnerability du Jour, Part 1: Framing

Mar 30, 2021 2:23:57 PM / by Tony Martin-Vegue posted in Member Content

0 Comments

Every few months or so, we hear about a widespread vulnerability or cyber attack that makes its way to mainstream news. Some get snappy nicknames and their very own logos


Cybersecurity Risk, Fiduciary Liability and How to Manage Them from a Board’s Perspective

Mar 9, 2021 2:40:00 PM / by Robert R. Patterson posted in Member Content

0 Comments

In this blog post, I will share my thoughts on why cyber risk is considered a board level fiduciary responsibility, the need for a globally sourced set of board level cybersecurity best practices
