When I saw Jack Jones present on FAIR at an IANS Research Forum several years ago, it was like a light bulb went off in my head. I immediately ordered the FAIR book and began a cover-to-cover reading, twice. I had been unsatisfied with existing methods to assess privacy risks and I was excited to apply my new-found knowledge of FAIR to privacy.
In an article for Forbes Technology Council, Two Frameworks For Securing A Decentralized Enterprise, Ian Amit, Chief Security Officer at Cimpress (parent company of Vistaprint), tells how he combines the NIST CSF and the FAIR model to handle a challenging situation
The Securities and Exchange Commission, the European Union and the International Monetary Fund all pointed cyber risk managers toward cyber risk quantification in 2018
In this video from the 2018 FAIR Conference, Steve Reznik, Director, Operational Risk Management and Marta Palanques, Director, Enterprise Risk Management at ADP, one of the most advanced quantitative cyber risk management shops, show how to identify and track key risk indicators (KRIs) over time to judge the real success of your inforisk management efforts.
With so much confusion in the marketplace about how much and what kind of cyber insurance to buy, experts from Marsh, AON, and more leading companies in the insurance space came together to form the FAIR Institute’s Cyber Insurance Workgroup to think through how the discipline of quantitative risk analytics could help clear the fog.
Case Study: Reporting to the Board: What Got You Here, Won't Get You There, a presentation by Omar Khawaja, CISO at Highmark Health at the recent 2018 FAIR Conference at Carnegie Mellon University was a master class in communicating risk to the board and the business. Omar was this year’s winner of the FAIR Institute’s Business Innovator Award for his ambitious and creative introduction of FAIR to Highmark.
You’re the CISO of a Fortune 1000 company and the VP of sales comes to you with the typical ransomware lock on a laptop screen. The VP says there’s a $10 million sale that can’t be closed because all the deal data is sitting on the local laptop, not the network. The VP wants the company to pay the 3,000-bitcoin ransom. What’s your recommendation?
How do you move your organization off an opinion-based approach to risk management and on to fact-based discussions, with quantitative risk analysis as the starting point?
I have posted on YouTube 13 Reasons Why Heat Maps Must Die, a presentation that I prepared for a conference. My eight year old daughter already commented “Amazing work, I agree.” What more validation does one need?
Walmart is a FAIR champion in infosec (Joel Baese, Director, Governance and Decision Science, Information Security, has been a FAIRCON honoree and panelist) but the retailing giant is also pioneering quantitative risk analytics on the physical security side, as Christina Nelson, Director, GISAT Risk and Strategy, told the 2018 FAIR Conference.
