“Executives hate surprises” begins a new white paper, Managing Cybersecurity Surprises – the Executive’s Perspective, by FAIR model creator Jack Jones, and goes on to detail the four most likely reasons that organizations get blindsided by cybersecurity failures:
It’s a powerful concept in innovation laid out in the Jobs to Be Done theory: Know what your user hopes to accomplish and provide the solution to that specific need. In planning the 2018 FAIR Conference (October 16-17, Carnegie Mellon University, Pittsburgh), the FAIR Institute built the conference agenda with an eye on the jobs that conference attendees (and their organizations) need to get done.
In 2015, the North Carolina Department of Transportation (NC DOT) completed the I-485 project it began in 1988. This delivered to Charlotte a 67-mile outer belt loop around the city that it had desperately needed. With the completion of the last 5.7 miles of the freeway, the NC DOT also declared that the speed limit would rise from 65 to 70 mph.
Have you ever looked at the results of a FAIR risk analysis and wondered what's the probability that a loss will hit the max? Or looked at the results and tried to answer how much risk you are comfortable with? If so, the new Loss Exceedance Charts introduced in the latest release of FAIR-U are your answer.
I was recently re-reading ISO 31000 because that's what one does for fun (don't you?). Surprisingly I noticed on a few occasions that using heat maps (or qualitative RM) appears to not align with the guidelines.
When analysts don’t use a rigorous risk quantification model like FAIR to rate risks, and instead rely on the mental models in their heads they’ve developed from years of habit – odd things happen.
Our professional team here at RiskLens has been steadily growing for the past two years. Our risk consultants come from a variety backgrounds; with and without direct prior experience in risk management.
In a previous blog post, I wrote about how the FAIR quantitative risk model can be used to meet various regulatory and compliance requirements (specifically those that indicate the need for a formal risk assessment).
With all the news about Russian hackers targeting US utility plant networks, we're bringing back into view this blog post about cyber risk quantification for utility operators, by Industrial Control System (ICS) authority Michael Radigan of Leidos Cyber, Inc.
Take a look at the course offerings of most top-tier business schools and you’ll find listings like “Applied Business Forecasting,” where students “acquire hands-on experience with building and applying forecasting models to actual data on sales, inventories, income, earnings per share, and other variables widely encountered in business