FAIR Institute Blog

PRMIA Survey Finds Data a Major Pain Point for Risk Managers

[fa icon="calendar'] Oct 7, 2021 7:57:00 AM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

A recent survey by the Professional Risk Managers International Association (PRMIA) uncovered high frustration among risk professionals with data – the quality, usability, and general time suck required for the raw material of risk analysis.

Read More [fa icon="long-arrow-right"]

3 Ways FAIR Integrates with Your Existing Cybersecurity Programs

[fa icon="calendar'] Aug 19, 2021 8:30:24 AM / by Maria Echaniz posted in Risk Management

[fa icon="comment"] 0 Comments

As a member of the FAIR Enablement Specialist (FES) team at the FAIR Institute, I consult for many individuals and teams as they start on their journeys to better risk management through cyber risk quantification

Read More [fa icon="long-arrow-right"]

Who Uses FAIR? Six Organizations Leading the Way on Cyber Risk Quantification

[fa icon="calendar'] Aug 4, 2021 12:00:00 PM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

We have a deep bench of organizations practicing Factor Analysis of Information Risk (FAIR™) represented by the 11,000+ members of the FAIR Institute. Here’s a small sample of public and private enterprises that have shared details on their FAIR programs with our membership. 

Read More [fa icon="long-arrow-right"]

ACCA Urges Accountants to Play a Leading Role in Assessing and Communicating Risk

[fa icon="calendar'] Jul 20, 2021 10:47:43 AM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

A new white paper from the Association of Chartered Certified Accountants (ACCA), “Rethinking Risk for the Future”, argues that “accountancy is playing an increasingly larger role in navigating organizations through the urgent problems and interconnected risks

Read More [fa icon="long-arrow-right"]

Prioritizing Cloud Security Controls Using FAIR

[fa icon="calendar'] Jul 14, 2021 8:51:17 AM / by Sambit Misra posted in Risk Management

[fa icon="comment"] 0 Comments

Companies have gradually been moving to the cloud for years, but still need a model for prioritizing security initiatives for their cloud migration. Feedback from our clients is that organizations spread across multiple geographies, markets and business functions operate in silos

Read More [fa icon="long-arrow-right"]

How to Quantify Total Cyber Risk for an IT Asset with FAIR

[fa icon="calendar'] Jul 13, 2021 11:02:00 AM / by Tyler Britton posted in Risk Management

[fa icon="comment"] 2 Comments

Total risk for an IT asset such as a data repository or web app is exactly what is sounds like: the aggregate risk to a digital asset posed by relevant cybersecurity risk scenarios. That is, an asset will have a combination of relevant scenarios

Read More [fa icon="long-arrow-right"]

SEC vs. First American Financial Sends a Message – Identify and Disclose Top Cyber Risk or We’ll Fine You

[fa icon="calendar'] Jun 30, 2021 11:52:51 AM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

In a warning of a get-tough policy on cyber risk management, the Securities and Exchange Commission (SEC) has fined First American Financial Corp. (FAFC), finding that the major title insurance and escrow company “did not have any disclosure controls and procedures related to cybersecurity,

Read More [fa icon="long-arrow-right"]

Three Tips to Make Cyber Risk Quantification Work for Your General Counsel as Well

[fa icon="calendar'] May 25, 2021 3:39:19 PM / by Nicola (Nick) Sanna posted in Risk Management

[fa icon="comment"] 0 Comments

Surprisingly, we still sometimes hear that some cyber risk professionals are challenged by their General Counsel and legal department not to quantify their cyber risk, as that might - in their opinion - introduce a liability, driven by the fact of possibly knowing about a problem and not having done enough to address it.  

Read More [fa icon="long-arrow-right"]

Hacking the COVID Cold Chain: A Health Care Sector Example of FAIR

[fa icon="calendar'] Apr 26, 2021 4:06:32 PM / by Colin Connor and Itzik Kotler posted in Risk Management, Member Content

[fa icon="comment"] 1 Comment

In September, 2020, our IBM X-Force IRIS security analysis group began tracking strange phishing attacks targeting suppliers of HVAC equipment and services.

Read More [fa icon="long-arrow-right"]

Create a Forward-Looking Risk Register - Part 2 of Tony Martin-Vegue's 'Modeling the Vulnerability du Jour'

[fa icon="calendar'] Apr 14, 2021 12:53:20 PM / by Tony Martin-Vegue posted in Risk Management, Member Content

[fa icon="comment"] 1 Comment

Strange, unusual, media-worthy vulnerabilities and cyberattacks… they seem to pop up every few months or so and send us risk managers into a fire drill. The inevitable questions follow:

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts