Gartner, the influential technology consulting firm, has named “risk quantification and analytics” to its list of “critical capabilities” for integrated risk management (IRM), the latest endorsement for a FAIR-style approach to managing cyber risk based on financial analysis.
In a new commentary on the Dark Reading website, What We Talk About When We Talk About Risk, FAIR Institute Chairman and cyber risk quantification pioneer Jack Jones takes the cybersecurity profession to task for the many confused – and confusing – ways it uses the term risk.
In a recent LinkedIn post, Christine Lagarde, Managing Director of the International Monetary Fund, calls cyber risk not just a top risk but “a significant threat to the financial system” and cites a new IMF study that cyber attacks could already cost banks close to nine percent of net income globally or around $100 billion on average a year.
If you’re a board member looking to get your arms around cybersecurity – or a CISO or other IT risk officer looking to win the admiration and support of your board – Jack Jones, the FAIR model creator and cyber risk guru, and James Lam, the enterprise risk management authority, have some very specific recommendations
One of the significant hurdles we have to overcome as a profession is our addiction to “zero cost” risk measurement. Let me explain…
The FAIR Institute breakfast during the recent Gartner Security & Risk Management Summit was an opportunity for FAIR newbies to soak up advice from veteran practitioners.
Enterprises operate their businesses on third-party platforms and services. Outsourcing of systems and services often involves significant risk, bestowing custodial responsibilities of large amounts of sensitive data and transaction capabilities to third-parties.
In traditional board of directors committee structure, each of the board’s five main functions (strategy, executive selection and compensation, governance, audit, risk and compliance) is assigned to a different committee, except one: risk, long handled by the audit committee.
“To adopt FAIR simply means your organization is using it to make decisions,” FAIR Institute Chairman Jack Jones told the FAIR Institute Breakfast at the recent RSA Conference
In a video interview just out on eWeek, titled “RSA Taking a FAIR Approach to Defining Cyber-Risk”, RSA Chief Technology Officer Zulfikar Ramzan discusses what he calls the “exciting” new direction for RSA Archer: “cyber risk economics and cyber risk quantification.
