In the second part of our blog series, we will focus on the third line of defense, internal audit, the types of data it can provide to contribute to a FAIR risk, and how it can benefit from adopting FAIR analysis in the risk quantification process.
In the world of risk management, the traditional Three Lines of Defense model has been widely adopted to mitigate and manage risks effectively. However, many organizations are still grappling with the process of communication
With supply-chain attacks very much in the news – see the Apache Log4j vulnerability or the 3CX VoIP software compromise – we’re bringing back into view this post by FAIR thought leader Tony Martin-Vegue on how to leverage a risk register to prepare for emerging risks.
The terms “risk appetite” and its close cousin “risk tolerance” are often poorly understood, very rarely used to good effect, and commonly used interchangeably.
If you want to know what your board directors are hearing about cybersecurity, you’ll probably get a good idea from the research by the World Economic Forum, host of the Davos Conference
"In their zeal to preserve the confidentiality of incident response efforts, lawyers frequently undermine the long-term cybersecurity of both their clients and society more broadly.”
CVSS scores are widely used – and widely mis-used – in cyber risk management. The Common Vulnerability Scoring System serves as a valuable alert system to point defenders to weaknesses in their defenses. But because CVSS scoring is numeric, it is often confused as quantitative cyber risk analysis
When I saw Jack Jones present on FAIR™ at an IANS Research Forum several years ago, it was like a light bulb went off in my head. I immediately ordered the FAIR book
Every day at RiskLens, we talk to organizations of all shapes, sizes, industries and levels of maturity about our mission to make cyber risk quantification (CRQ) and Factor Analysis of Information Risk (FAIR™) faster and easier for their organizations to adopt and implement.
By quantifying cyber risk in financial terms, Factor Analysis of Information Risk (FAIR™) brings a bottom-line focus to budgeting and spending decisions
