FAIR Institute Blog

Evaluating Data Retention Risk from GDPR Using FAIR

[fa icon="calendar'] Jul 1, 2019 8:45:00 AM / by Rachel Slabotsky posted in FAIR, Risk Management, Case Studies

[fa icon="comment"] 0 Comments

Despite the increased focus and attention on data privacy triggered by GDPR that went into effect in May 2018, studies have shown that organizations still have some strides to make in order to be fully in compliance with the mandate. In fact, a recent survey by Varonis reported that many organizations continue to accumulate data that no longer needs to be retained, despite GDPR’s right-to-be forgotten clause.

Read More [fa icon="long-arrow-right"]

3 Tips on Evaluating Cyber Insurance with the FAIR Model

[fa icon="calendar'] Jun 19, 2019 1:40:41 PM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

In recent webinar co-hosted by the FAIR Institute and the Legal Services Information Sharing and Analysis Organization (LS-ISAO), Brooke Oppenheimer and Trish Carreiro, attorneys with Axinn, Veltrop, & Harkrider LLP, made the case that any organization looking to buy cyber insurance should first understand its cyber risk in financial terms through FAIR analysis. 

Read More [fa icon="long-arrow-right"]

Take a Listen to this Webinar: Combining NIST-CSF and FAIR, Quantifying Risk to Drive Better Decision Making

[fa icon="calendar'] Jun 6, 2019 9:55:19 AM / by Luke Bader posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

From time to time, we come across some interesting FAIR related thoughts being shared by our partners. Last week, a fascinating webinar was hosted by Institute Technical Advisor, RiskLens

Read More [fa icon="long-arrow-right"]

How a Risk Analysis Scope Gets Off Track (and How to Fix It)

[fa icon="calendar'] Jun 4, 2019 11:34:09 AM / by Cary Wise posted in Risk Management

[fa icon="comment"] 0 Comments

The most important step in conducting a quantitative cyber risk analysis is scoping - identifying the asset, threat, and effect related to the scenario at hand. But what happens if you are so excited to get into your FAIR analysis that you skip this crucial step?

Read More [fa icon="long-arrow-right"]

Video: Jack Jones Tells Enterprise Security Weekly Infosec Makes Risk Management Harder than It Has to Be

[fa icon="calendar'] May 31, 2019 9:12:00 AM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

FAIR Institute Chairman and FAIR model creator Jack Jones gives a concise, high level view of the limitations of conventional thinking in the cybersecurity profession, and how FAIR and a quantitative approach to cyber risk shows the way forward, in this Enterprise Security Weekly podcast hosted by Paul Asadoorian.

Read More [fa icon="long-arrow-right"]

The Economic Impact of ICS Vulnerabilities

[fa icon="calendar'] May 28, 2019 8:12:56 AM / by Denny Wan and Daniel Marsh posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Synopsis: The Common Vulnerability Scoring System (CVSS) is used throughout various industries for scoring vulnerabilities based on several metrics. These metrics focus on confidentiality, integrity and availability, the very well known CIA triad ingrained in the mentality of cybersecurity professionals and extends to maturity and environmental when and where the additional information is required.

Read More [fa icon="long-arrow-right"]

3 Steps to Improving IT Hardware Lifecycle Management with FAIR

[fa icon="calendar'] May 23, 2019 10:52:49 AM / by Leanne Scott posted in Risk Management

[fa icon="comment"] 0 Comments

How can you determine at what point in a piece of IT hardware’s lifecycle it should be updated? Using FAIR, the international standard for quantitative cyber and technology risk management, it is as simple as a three-step process.

Read More [fa icon="long-arrow-right"]

There's More than One Bear...

[fa icon="calendar'] May 23, 2019 10:35:02 AM / by Jack Jones posted in Risk Management

[fa icon="comment"] 0 Comments

If you’ve been in the cybersecurity profession for any length of time, you’ll have heard (or said) the old chestnut about two hikers who run into a bear on the trail.  One hiker immediately takes off his hiking boots and puts on his running shoes. 

Read More [fa icon="long-arrow-right"]

How to Hire a FAIR Cyber Risk Analyst

[fa icon="calendar'] May 10, 2019 8:20:00 AM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

Looking for a Quantitative Cyber Risk Specialist, a Risk Quantification Analyst or even a Senior Factor Analysis of Information Risk (FAIR) Analyst?  It’s a sign of the rapid adoption of FAIR that organizations have recently been advertising for new hires with those titles

Read More [fa icon="long-arrow-right"]

How to Start a FAIR Program? Start Small

[fa icon="calendar'] May 8, 2019 11:37:30 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

It’s an issue that comes up again and again at FAIR conferences, chapter meetings, webcasts or discussion boards: “I get the value of FAIR quantitative risk analysis – but I don’t know how or where I could start implementing it.”

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts