FAIR Institute Blog

What Makes a Good KRI? Steve Reznik of ADP on Better Metrics through FAIR [VIDEO]

May 3, 2019 11:48:06 AM / by Jeff B. Copeland, posted in Risk Management, FAIR risk model

You’ve tried your hand at running one-off scenarios with FAIR, say to identify your top risks – now learn an ongoing use for FAIR to monitor your key risk indicators (KRIs).

Good or Lucky? 3 Questions to Ask When Cyber Risk Analysis Shows Low Risk

May 1, 2019 12:02:45 PM / by Taylor Maze, posted in Risk Management

‘Low’ loss exposure scenarios are often cause for celebration, or at least an exhausted sigh of relief from the CISO who is already juggling the remediation plans of countless other higher risk scenarios.

Define Your Company’s Appetite for Risk with FAIR Analysis

Apr 30, 2019 6:59:42 AM / by Rebecca Merritt, posted in FAIR, Risk Management

In basic terms, a company’s “risk appetite” is the level of risk the organization sees as acceptable.  Not surprisingly, some use the phrase “risk tolerance” interchangeably with “risk appetite” (there is an important difference: "tolerance" is how far off "appetite" the organization will go).

3 Ways to Improve Identifying Your Cybersecurity Risks

Apr 26, 2019 12:00:00 PM / by Christina Dulovich, posted in FAIR, Risk Management

Risk register has become a dirty phrase. It is a catch-all for any concern that keeps an executive up at night. Items such as “insiders”, “the Cloud”, and “data loss” adorn risk registers in organizations across industries. FAIR trained or not, it does not take a risk expert to tell you those items are not actionable.

All-in-One Matrix: Regulatory Compliance Risk Assessment Overview for FAIR Practitioners

Apr 26, 2019 8:14:36 AM / by Steve Reznik, posted in FAIR, Risk Management, White Paper

Industry guidelines and standards often strongly recommend or even require a “risk assessment” to satisfy various regulatory and compliance requirements. However, not all assessments are created equal as one entity’s assessment of risk may be another’s control evaluation.

3 Tips for Making Your IT Audit Job More than Compliance

Apr 17, 2019 10:07:20 AM / by Taylor Maze, posted in Risk Management

As auditors, you often get a bad rap. Given audit is a compliance-focused profession, one of the many aspects of your job is telling someone that the way they do theirs is wrong, which is not a fun conversation for either party.

Reserve Your Seat Today for the 2019 FAIR Breakfast Meeting, National Harbor, MD

Apr 3, 2019 3:23:24 PM / by Luke Bader, posted in Risk Management, Events

On June 18, join a distinguished group of cyber risk executives and fellow FAIR Institute members, many in town for the Gartner Security & Risk Management Summit 2019, as they discuss "Tips and Best Practices on How to Build a Quantitative Risk Management Program With FAIR."

3 Ways to Game the System with Qualitative Cyber Risk Analysis (Don’t Do It)

Mar 25, 2019 8:30:00 AM / by Cary Wise, posted in Risk Management

As an advocate for FAIR, I spend a great amount of time preaching the benefits of quantitative risk analysis over the qualitative approach. Ranking of risks 1-5 or red-yellow-green based on subjective judgments doesn’t measure up (literally) to a standard model like FAIR that produces consistent results expressed as probabilities.  

Infosecurity Magazine on Jack Jones’ Approach to Risk Appetite: “Draw a Line in the Sand”

Mar 7, 2019 12:44:27 PM / by Jeff B. Copeland, posted in FAIR, Risk Management

A busy week at the RSA Conference for the FAIR Institute. Tuesday at the SC Awards ceremony, the FAIR Institute received the extraordinary honor of being named one of the Most Important Industry Organizations of the Last 30 Years.

Jack Jones: How Much Risk Does that Risk Represent?

Feb 21, 2019 8:00:00 AM / by Jack Jones, posted in FAIR, Risk Management

Yesterday, while speaking to a university cybersecurity class, I was accused of being pedantic when I pointed out a problem with the phrase “The risk of that impact…”
