Enterprises operate their businesses on third-party platforms and services. Outsourcing of systems and services often involves significant risk, bestowing custodial responsibilities of large amounts of sensitive data and transaction capabilities to third-parties.
In traditional board of directors committee structure, each of the board’s five main functions (strategy, executive selection and compensation, governance, audit, risk and compliance) is assigned to a different committee, except one: risk, long handled by the audit committee.
“To adopt FAIR simply means your organization is using it to make decisions,” FAIR Institute Chairman Jack Jones told the FAIR Institute Breakfast at the recent RSA Conference
In a video interview just out on eWeek, titled “RSA Taking a FAIR Approach to Defining Cyber-Risk”, RSA Chief Technology Officer Zulfikar Ramzan discusses what he calls the “exciting” new direction for RSA Archer: “cyber risk economics and cyber risk quantification.
A few days ago I had the privilege of providing the opening keynote address at an IANS event in Dallas. If you’re not familiar with IANS (Institute for Applied Network Security), I encourage you to look into it as I believe it serves a very useful purpose and is working hard to be forward-looking. Regardless, one of the questions that was discussed at this event was how much of a CISO’s focus should be on business versus technology.
For a long time, humans have used various organisms to help them detect dangerous environmental conditions. Animals used for this purpose are called ‘Sentinel Species’ by scientists -- the best example is the use of caged canaries to detect dangerous levels of carbon monoxide in coal mines.
Every year, the RSA Conference is a snapshot of the ever-evolving State of the Cybersecurity Profession (and the vendors who market to it), and this year the State is…more risk- and risk-quantification-aware than ever.
The FAIR Institute is excited to announce our first breakfast meeting at the Gartner Security and Risk Management Summit on Tuesday, June 5, 2018 from 7:30 to 10 AM at National Harbor, MD.
The MIT Technology Review recently published an article about what they called “cyber threats.” While the article identifies trending attack methods and scenarios to be concerned about, none of the things that made the list are actually threats.
The term “Black Swan event” has been part of the risk management lexicon since its coinage in 2007 by Nassim Taleb in his eponymous book titled The Black Swan: The Impact of the Highly Improbable.
