Despite the increased focus and attention on data privacy triggered by GDPR that went into effect in May 2018, studies have shown that organizations still have some strides to make in order to be fully in compliance with the mandate. In fact, a recent survey by Varonis reported that many organizations continue to accumulate data that no longer needs to be retained, despite GDPR’s right-to-be forgotten clause.
In recent webinar co-hosted by the FAIR Institute and the Legal Services Information Sharing and Analysis Organization (LS-ISAO), Brooke Oppenheimer and Trish Carreiro, attorneys with Axinn, Veltrop, & Harkrider LLP, made the case that any organization looking to buy cyber insurance should first understand its cyber risk in financial terms through FAIR analysis.
From time to time, we come across some interesting FAIR related thoughts being shared by our partners. Last week, a fascinating webinar was hosted by Institute Technical Advisor, RiskLens
The most important step in conducting a quantitative cyber risk analysis is scoping - identifying the asset, threat, and effect related to the scenario at hand. But what happens if you are so excited to get into your FAIR analysis that you skip this crucial step?
FAIR Institute Chairman and FAIR model creator Jack Jones gives a concise, high level view of the limitations of conventional thinking in the cybersecurity profession, and how FAIR and a quantitative approach to cyber risk shows the way forward, in this Enterprise Security Weekly podcast hosted by Paul Asadoorian.
Synopsis: The Common Vulnerability Scoring System (CVSS) is used throughout various industries for scoring vulnerabilities based on several metrics. These metrics focus on confidentiality, integrity and availability, the very well known CIA triad ingrained in the mentality of cybersecurity professionals and extends to maturity and environmental when and where the additional information is required.
How can you determine at what point in a piece of IT hardware’s lifecycle it should be updated? Using FAIR, the international standard for quantitative cyber and technology risk management, it is as simple as a three-step process.
If you’ve been in the cybersecurity profession for any length of time, you’ll have heard (or said) the old chestnut about two hikers who run into a bear on the trail. One hiker immediately takes off his hiking boots and puts on his running shoes.
Looking for a Quantitative Cyber Risk Specialist, a Risk Quantification Analyst or even a Senior Factor Analysis of Information Risk (FAIR) Analyst? It’s a sign of the rapid adoption of FAIR that organizations have recently been advertising for new hires with those titles
It’s an issue that comes up again and again at FAIR conferences, chapter meetings, webcasts or discussion boards: “I get the value of FAIR quantitative risk analysis – but I don’t know how or where I could start implementing it.”