The Good News: World Economic Forum Finds CISOs and Boards Talking More
Jan 19, 2023 8:39:28 AM / by Jeff B. Copeland posted in Risk Management
If you want to know what your board directors are hearing about cybersecurity, you’ll probably get a good idea from the research by the World Economic Forum, host of the Davos Conference
Academic Study Uncovers How Legal Privilege Undermines Cybersecurity
Sep 13, 2022 10:52:00 AM / by Jeff B. Copeland posted in Risk Management
“In their zeal to preserve the confidentiality of incident response efforts, lawyers frequently undermine the long-term cybersecurity of both their clients and society more broadly.”
Dos and Don’ts of Using CVSS Scores in Cyber Risk Management
May 24, 2022 2:12:25 PM / by Jeff B. Copeland posted in Risk Management
CVSS scores are widely used – and widely mis-used – in cyber risk management. The Common Vulnerability Scoring System serves as a valuable alert system to point defenders to weaknesses in their defenses. But because CVSS scoring is numeric, it is often confused as quantitative cyber risk analysis
Analyzing Privacy Risk Using FAIR
Apr 5, 2022 6:08:00 PM / by R. Jason Cronk posted in Risk Management, Member Content
When I saw Jack Jones present on FAIR™ at an IANS Research Forum several years ago, it was like a light bulb went off in my head. I immediately ordered the FAIR book
CRQ For All: Introducing My Cyber Risk Benchmark from RiskLens (Sponsored Post)
Mar 14, 2022 6:00:00 AM / by James Graham posted in Risk Management
Every day at RiskLens, we talk to organizations of all shapes, sizes, industries and levels of maturity about our mission to make cyber risk quantification (CRQ) and Factor Analysis of Information Risk (FAIR™) faster and easier for their organizations to adopt and implement.
4 Ways FAIR Cyber Risk Analysis Saves Money
Mar 2, 2022 5:13:31 PM / by Jeff B. Copeland posted in FAIR, Risk Management
By quantifying cyber risk in financial terms, Factor Analysis of Information Risk (FAIR™) brings a bottom-line focus to budgeting and spending decisions
A Solution for Measuring Inherent Risk
Feb 22, 2022 2:32:43 PM / by Jack Jones posted in Risk Management, FAIR-CAM
If you search the FAIR Institute blog, you will find several posts about Inherent Risk, each highlighting fundamental problems with the standard definition for Inherent Risk and offering insights and advice regarding how to better define and use it. To save you the trouble of finding and reading old posts, I’ll boil them down:
3 Risk Identification Questions You Should Be Asking
Feb 8, 2022 11:59:00 PM / by David Musselwhite posted in FAIR, Risk Management
Risk managers are always seeking to address the cybersecurity and technology risks that matter most to their organizations. But you can’t analyze and prioritize what you don’t identify.
Cyber Risk Management: Establishing a Blueprint with FAIR
Feb 1, 2022 7:56:00 AM / by Daniel Stone and Tyler Ross posted in Risk Management
We recently had an opportunity to present a webinar in conjunction with the FAIR Institute about modeling and measuring cyber risk appetite with Factor Analysis of Information Risk (FAIR™), the international standard for cyber risk quantification.
PRMIA Survey Finds Data a Major Pain Point for Risk Managers
Oct 7, 2021 7:57:00 AM / by Jeff B. Copeland posted in Risk Management
A recent survey by the Professional Risk Managers International Association (PRMIA) uncovered high frustration among risk professionals with data – the quality, usability, and general time suck required for the raw material of risk analysis.