"In their zeal to preserve the confidentiality of incident response efforts, lawyers frequently undermine the long-term cybersecurity of both their clients and society more broadly.”
CVSS scores are widely used – and widely mis-used – in cyber risk management. The Common Vulnerability Scoring System serves as a valuable alert system to point defenders to weaknesses in their defenses. But because CVSS scoring is numeric, it is often confused as quantitative cyber risk analysis
Every day at RiskLens, we talk to organizations of all shapes, sizes, industries and levels of maturity about our mission to make cyber risk quantification (CRQ) and Factor Analysis of Information Risk (FAIR™) faster and easier for their organizations to adopt and implement.
By quantifying cyber risk in financial terms, Factor Analysis of Information Risk (FAIR™) brings a bottom-line focus to budgeting and spending decisions
If you search the FAIR Institute blog, you will find several posts about Inherent Risk, each highlighting fundamental problems with the standard definition for Inherent Risk and offering insights and advice regarding how to better define and use it. To save you the trouble of finding and reading old posts, I’ll boil them down:
Risk managers are always seeking to address the cybersecurity and technology risks that matter most to their organizations. But you can’t analyze and prioritize what you don’t identify.
We recently had an opportunity to present a webinar in conjunction with the FAIR Institute about modeling and measuring cyber risk appetite with Factor Analysis of Information Risk (FAIR™), the international standard for cyber risk quantification.
A recent survey by the Professional Risk Managers International Association (PRMIA) uncovered high frustration among risk professionals with data – the quality, usability, and general time suck required for the raw material of risk analysis.
As a member of the FAIR Enablement Specialist (FES) team at the FAIR Institute, I consult for many individuals and teams as they start on their journeys to better risk management through cyber risk quantification