ACCA Urges Accountants to Play a Leading Role in Assessing and Communicating Risk
Jul 20, 2021 10:47:43 AM / by Jeff B. Copeland posted in Risk Management
A new white paper from the Association of Chartered Certified Accountants (ACCA), “Rethinking Risk for the Future”, argues that “accountancy is playing an increasingly larger role in navigating organizations through the urgent problems and interconnected risks
Prioritizing Cloud Security Controls Using FAIR
Jul 14, 2021 8:51:17 AM / by Sambit Misra posted in Risk Management
Companies have gradually been moving to the cloud for years, but still need a model for prioritizing security initiatives for their cloud migration. Feedback from our clients is that organizations spread across multiple geographies, markets and business functions operate in silos
How to Quantify Total Cyber Risk for an IT Asset with FAIR
Jul 13, 2021 11:02:00 AM / by Tyler Britton posted in Risk Management
Total risk for an IT asset such as a data repository or web app is exactly what it sounds like: the aggregate risk to a digital asset posed by relevant cybersecurity risk scenarios. That is, an asset will have a combination of relevant scenarios
SEC vs. First American Financial Sends a Message – Identify and Disclose Top Cyber Risk or We’ll Fine You
Jun 30, 2021 11:52:51 AM / by Jeff B. Copeland posted in Risk Management
In a warning of a get-tough policy on cyber risk management, the Securities and Exchange Commission (SEC) has fined First American Financial Corp. (FAFC), finding that the major title insurance and escrow company “did not have any disclosure controls and procedures related to cybersecurity,
Three Tips to Make Cyber Risk Quantification Work for Your General Counsel as Well
May 25, 2021 3:39:19 PM / by Nicola (Nick) Sanna posted in Risk Management
Surprisingly, we still sometimes hear that some cyber risk professionals are challenged by their General Counsel and legal department not to quantify their cyber risk, as that might - in their opinion - introduce a liability, driven by the fact of possibly knowing about a problem and not having done enough to address it.
Hacking the COVID Cold Chain: A Health Care Sector Example of FAIR
Apr 26, 2021 4:06:32 PM / by Colin Connor and Itzik Kotler posted in Risk Management, Member Content
In September, 2020, our IBM X-Force IRIS security analysis group began tracking strange phishing attacks targeting suppliers of HVAC equipment and services.
Create a Forward-Looking Risk Register - Part 2 of Tony Martin-Vegue's 'Modeling the Vulnerability du Jour'
Apr 14, 2021 12:53:20 PM / by Tony Martin-Vegue posted in Risk Management, Member Content
Strange, unusual, media-worthy vulnerabilities and cyberattacks… they seem to pop up every few months or so and send us risk managers into a fire drill. The inevitable questions follow:
Lawfare Blog Post on Enterprise Cybersecurity Measurement Makes the Case for Integrating FAIR in a 'Modular' Defense
Apr 8, 2021 8:32:28 AM / by FAIR Institute Staff posted in Risk Management
With permission, we are re-publishing this post from Lawfare, the influential blog that covers the intersection between law and national security.
World Economic Forum Report Advises Boards of Directors to “Understand the Economic Drivers and Impact of Cyber Risk”
Mar 23, 2021 11:04:57 AM / by Luke Bader posted in Risk Management
The World Economic Forum’s new report, Principles for Board Governance of Cyber Risk, is the work of a panel of international experts on cybersecurity, including FAIR Institute President Nicola (Nick) Sanna
A Second Look at the Water Utility Hack in Florida with ICS Expert Mike Radigan
Feb 18, 2021 10:21:23 AM / by Jeff B. Copeland posted in Risk Management
The hack at the Oldsmar, Florida, water treatment plant, an attempt to inject harmful levels of lye, drew headlines fretting over the possibility of cyber-terror striking a utility sector with “few protections against hacking,” as the Wall St. Journal said.