FAIR Institute Blog

How a CISO Uses FAIR with NIST CSF to Manage Cyber Risk Across Business Units

[fa icon="calendar'] Jan 3, 2019 9:21:32 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

In an article for Forbes Technology Council, Two Frameworks For Securing A Decentralized Enterprise, Ian Amit, Chief Security Officer at Cimpress (parent company of Vistaprint), tells how he combines the NIST CSF and the FAIR model to handle a challenging situation

Read More [fa icon="long-arrow-right"]

SEC Cyber Risk Disclosure Guidance, KRIs for Cybersecurity, Risk Trends for Boards – Most Popular FAIR Institute Blog Posts of 2018

[fa icon="calendar'] Dec 27, 2018 8:30:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

The Securities and Exchange Commission, the European Union and the International Monetary Fund all pointed cyber risk managers toward cyber risk quantification in 2018

Read More [fa icon="long-arrow-right"]

FAIRCON18 Video: How to Identify Key Risk Indicators (KRIs) for Cybersecurity

[fa icon="calendar'] Dec 20, 2018 7:30:00 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2018

[fa icon="comment"] 0 Comments

In this video from the 2018 FAIR Conference, Steve Reznik, Director, Operational Risk Management and Marta Palanques, Director, Enterprise Risk Management at ADP, one of the most advanced quantitative cyber risk management shops, show how to identify and track key risk indicators (KRIs) over time to judge the real success of your inforisk management efforts.  

Read More [fa icon="long-arrow-right"]

[Video] FAIRCON18 Panel: Optimizing Cyber Insurance Coverage with FAIR

[fa icon="calendar'] Dec 14, 2018 8:00:00 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2018

[fa icon="comment"] 0 Comments

With so much confusion in the marketplace about how much and what kind of cyber insurance to buy, experts from Marsh, AON, and more leading companies in the insurance space came together to form the FAIR Institute’s Cyber Insurance Workgroup to think through how the discipline of quantitative risk analytics could help clear the fog.

Read More [fa icon="long-arrow-right"]

FAIRCON18 Video: A Master Class on Reporting Cyber Risk to the Board

[fa icon="calendar'] Dec 5, 2018 8:29:00 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2018

[fa icon="comment"] 0 Comments

Case Study: Reporting to the Board: What Got You Here, Won't Get You There,  a  presentation by Omar Khawaja, CISO at Highmark Health at the recent 2018 FAIR Conference at Carnegie Mellon University was a master class in communicating risk to the board and the business. Omar was this year’s winner of the FAIR Institute’s Business Innovator Award for his ambitious and creative introduction of FAIR to Highmark.

Read More [fa icon="long-arrow-right"]

[Video] FAIRCON18 Table Top Exercise: Pay or Not Pay on Ransomware?

[fa icon="calendar'] Dec 4, 2018 8:00:00 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2018

[fa icon="comment"] 0 Comments

You’re the CISO of a Fortune 1000 company and the VP of sales comes to you with the typical ransomware lock on a laptop screen. The VP says there’s a $10 million sale that can’t be closed because all the deal data is sitting on the local laptop, not the network. The VP wants the company to pay the 3,000-bitcoin ransom. What’s your recommendation?

Read More [fa icon="long-arrow-right"]

FAIRCON18 Video: Walmart, Cisco, Ascena on ‘Shifting the Discussion to Cost-Effective Decision Making’

[fa icon="calendar'] Nov 29, 2018 11:51:02 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2018

[fa icon="comment"] 0 Comments

How do you move your organization off an opinion-based approach to risk management and on to fact-based discussions, with quantitative risk analysis as the starting point? 

Read More [fa icon="long-arrow-right"]

13 Reasons Why Heat Maps Must Die

[fa icon="calendar'] Nov 28, 2018 12:31:20 PM / by Osama Salah posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

I have posted on YouTube 13 Reasons Why Heat Maps Must Die, a presentation that I prepared for a conference. My eight year old daughter already commented “Amazing work, I agree.” What more validation does one need?

Read More [fa icon="long-arrow-right"]

[Video] FAIRCON18 Case Study: Walmart Extends FAIR from Cyber to Operational Risk

[fa icon="calendar'] Nov 19, 2018 11:31:09 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2018

[fa icon="comment"] 0 Comments

Walmart is a FAIR champion in infosec (Joel Baese,  Director, Governance and Decision Science, Information Security, has been a FAIRCON honoree and panelist) but the retailing giant is also pioneering quantitative risk analytics on the physical security side, as Christina Nelson, Director, GISAT Risk and Strategy, told the 2018 FAIR Conference.

Read More [fa icon="long-arrow-right"]

[Video] FAIRCON18 Panel: How FAIR and TBM Work Together to Show the Business Value of Cybersecurity

[fa icon="calendar'] Nov 14, 2018 8:30:00 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2018

[fa icon="comment"] 0 Comments

In recent years, many CIOs in big enterprises and government have successfully positioned themselves as not just IT operators but business enablers, using the discipline of Technology Business Management (TBM), a set of best practices to consistently communicate both the cost and the value of IT services.

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts