FAIR Institute Blog

How to Hire a FAIR Cyber Risk Analyst

[fa icon="calendar'] May 10, 2019 8:20:00 AM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

Looking for a Quantitative Cyber Risk Specialist, a Risk Quantification Analyst or even a Senior Factor Analysis of Information Risk (FAIR) Analyst?  It’s a sign of the rapid adoption of FAIR that organizations have recently been advertising for new hires with those titles

Read More [fa icon="long-arrow-right"]

How to Start a FAIR Program? Start Small

[fa icon="calendar'] May 8, 2019 11:37:30 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

It’s an issue that comes up again and again at FAIR conferences, chapter meetings, webcasts or discussion boards: “I get the value of FAIR quantitative risk analysis – but I don’t know how or where I could start implementing it.”

Read More [fa icon="long-arrow-right"]

What Makes a Good KRI? Steve Reznik of ADP on Better Metrics through FAIR [VIDEO]

[fa icon="calendar'] May 3, 2019 11:48:06 AM / by Jeff B. Copeland posted in Risk Management, FAIR risk model

[fa icon="comment"] 0 Comments

You’ve tried your hand at running one-off scenarios with FAIR, say to identify your top risks – now learn an ongoing use for FAIR to monitor your key risk indicators (KRIs).

Read More [fa icon="long-arrow-right"]

Good or Lucky? 3 Questions to Ask When Cyber Risk Analysis Shows Low Risk

[fa icon="calendar'] May 1, 2019 12:02:45 PM / by Taylor Maze posted in Risk Management

[fa icon="comment"] 0 Comments

‘Low’ loss exposure scenarios are often cause for celebration, or at least an exhausted sigh of relief from the CISO who is already juggling the remediation plans of countless other higher risk scenarios.

Read More [fa icon="long-arrow-right"]

Define Your Company’s Appetite for Risk with FAIR Analysis

[fa icon="calendar'] Apr 30, 2019 6:59:42 AM / by Rebecca Merritt posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

In basic terms, a company’s “risk appetite” is the level of risk the organization sees as acceptable.  Not surprisingly, some use the phrase “risk tolerance” interchangeably with “risk appetite” (there is an important difference: "tolerance" is how far off "appetite" the organization will go).

Read More [fa icon="long-arrow-right"]

3 Ways to Improve Identifying Your Cybersecurity Risks

[fa icon="calendar'] Apr 26, 2019 12:00:00 PM / by Christina Dulovich posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Risk register has become a dirty phrase. It is a catch-all for any concern that keeps an executive up at night. Items such as “insiders”, “the Cloud”, and “data loss” adorn risk registers in organizations across industries. FAIR trained or not, it does not take a risk expert to tell you those items are not actionable.

Read More [fa icon="long-arrow-right"]

All-in-One Matrix: Regulatory Compliance Risk Assessment Overview for FAIR Practitioners

[fa icon="calendar'] Apr 26, 2019 8:14:36 AM / by Steve Reznik posted in FAIR, Risk Management, White Paper

[fa icon="comment"] 0 Comments

Industry guidelines and standards often strongly recommend or even require a “risk assessment” to satisfy various regulatory and compliance requirements. However, not all assessments are created equal as one entity’s assessment of risk may be another’s control evaluation.

Read More [fa icon="long-arrow-right"]

3 Tips for Making Your IT Audit Job More than Compliance

[fa icon="calendar'] Apr 17, 2019 10:07:20 AM / by Taylor Maze posted in Risk Management

[fa icon="comment"] 0 Comments

As auditors , you often get a bad rap. Given audit is a compliance focused profession, one of the many aspects of your job is telling someone that the way they do theirs is wrong, which is not a fun conversation for either party.

Read More [fa icon="long-arrow-right"]

Reserve Your Seat Today for the 2019 FAIR Breakfast Meeting, National Harbor, MD

[fa icon="calendar'] Apr 3, 2019 3:23:24 PM / by Luke Bader posted in Risk Management, Events

[fa icon="comment"] 0 Comments

On June 18, join a distinguished group of cyber risk executives and fellow FAIR Institute members, many in town for the Gartner Security & Risk Management Summit 2019, as they discuss "Tips and Best Practices on How to Build a Quantitative Risk Management Program With FAIR."

Read More [fa icon="long-arrow-right"]

3 Ways to Game the System with Qualitative Cyber Risk Analysis (Don’t Do It)

[fa icon="calendar'] Mar 25, 2019 8:30:00 AM / by Cary Wise posted in Risk Management

[fa icon="comment"] 0 Comments

As an advocate for FAIR, I spend a great amount of time preaching the benefits of quantitative risk analysis over the qualitative approach. Ranking of risks 1-5 or red-yellow-green based on subjective judgments doesn’t measure up (literally) to a standard model like FAIR that produces consistent results expressed as probabilities.  

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts