“Coronavirus is the black swan of 2020,” says a recent statement by Sequoia, the prominent venture capital firm, repeating a buzzy term that’s being widely circulated to describe the current pandemic crisis
We took a short survey of FAIR™ Institute email subscribers to get a quick read on their involvement with business continuity planning for the impact of COVID-19. The poll keyed off a podcast with Jack Freund
Organizations are rethinking their business continuity plans to get ahead of the coronavirus COVID-19 pandemic– an opportunity for IT risk analysts to bring to the table the critical thinking skills of Factor Analysis of Information Risk (FAIR™) and quantitative cyber risk analysis.
One of the keys to consistency when using the FAIR™ model is using the same magnitude across cyber loss data analyses. Particularly when using it for a risk assessment where the goal is to be compliant with regulations and compare the applications to each other, it is reasonable and “fair” to use consistent magnitude amounts.
A new article from Ars Technica asks the question “why is the healthcare industry still so bad at cybersecurity?” and answers with an inventory of institutional and regulatory shortsightedness, resistance to change, lack of budget and simple confusion that calls out for the kind of re-set button that other industries are hitting with a risk-based approach to cybersecurity like FAIR™.
In this webinar, Cyber Intelligence Analyst Samantha Chamberlin, tells how Fannie Mae uses FAIR™ to solve the common problems of both threat intelligence and risk analysis teams, particularly the challenges of gathering information from technical SMEs
Many FAIR program leaders start at a ground level and work their way up to a board presentation. Chris Golden started at the top, as he tells FAIR Institute Director Luke Bader in this podcast interview, demonstrating FAIR to the board for the green light on a risk quantification initiative.
In March, 2019, I passed the ISACA CRISC exam and got certified in the next month. The CRISC is a great certificate because it shifts your mindset and helps you to establish standardized information risk management practices.
However, I decided not to stop there, but to further search for holistic and effective standards for cyber risk quantification
The FAIR™ Institute’s third annual Cyber Risk Management Maturity Benchmark Survey results are in, and show “a lot of opportunity left in the risk management space for improvement,” says survey report author and FAIR Institute Fellow Jack Freund, PhD.
In this webinar sponsored by our technical advisor, RiskLens, hundreds of your peers in cybersecurity and risk came to get answers to some burning questions.
How do I get more value from the NIST CSF Framework?