FAIR Institute Blog

3 Ways to Gather Loss Magnitude Data (from Your Cubicle)

Jan 19, 2018 11:22:57 AM / by Cody Whelan posted in Risk Management



A while back I wrote a post called The Dangers of Being a Cubicle Risk Analyst. The premise was that a good risk analyst could not gather all of the information necessary to run a sound and defensible risk analysis from what they could gather in their four walls. A good risk analyst ventures out to gather both loss event frequency and loss magnitude data from those in the know throughout the organization.


How to Analyze Your Risk from GDPR: A FAIR Approach

Jan 19, 2018 10:49:47 AM / by Rachel Slabotsky posted in Risk Management, FAIR risk model


As the final months approach before the EU's General Data Protection Regulation (GDPR) goes into effect in May, 2018, organizations are making significant investments to ensure they are prepared for the changes to come, particularly the strict rules on handling consumers’ personally identifiable information (PII).


To Bring Value in a Risk Analysis, Tell a Story and Provide a Solution

Jan 16, 2018 9:00:00 AM / by Rebecca Merritt posted in FAIR, Risk Management


Imagine this – an issue is assigned to your risk analyst team, either by your management, someone in the business, or perhaps it's some area of weakness your own team identified. After completing the analysis, now it's time to prepare a presentation on the risk results.


Ponemon Report on the True Cost of Compliance -- A Missed Opportunity

Jan 3, 2018 9:00:00 AM / by Jack Jones posted in Risk Management, Jack Jones


The Wall Street Journal recently referenced a research report published by Ponemon Institute entitled The True Cost of Compliance With Data Protection Regulations.  After reading the report I’ve come to the conclusion that although the research objective was admirable, it completely missed the target. 


Jack Jones: Is There One Best Risk Metric? [Part 1]

Dec 21, 2017 8:45:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management, Jack Jones


On his recent FAIR Institute Cyber Risk Workgroup Call (membership required), FAIR model creator Jack Jones fielded this question: If you had to judge an organization in terms of how well it manages risk using just one metric, what one metric would you use?


Amazon S3 Bucket Data Breaches – a FAIR Risk Analysis

Nov 29, 2017 3:30:00 PM / by Rebecca Merritt posted in FAIR, Risk Management, Case Studies


Army documents marked Top Secret…data on 14 million Verizon customers…voter information on 198 million Americans…Just a few of the recent reports on data breaches—or open data discovered by security researchers before a breach occurred—on Amazon S3 “buckets”.


Three Reasons You Should Get FAIR Certified

Nov 29, 2017 12:03:33 PM / by David Musselwhite posted in FAIR, Risk Management


Whether you’ve just been introduced to FAIR, recently completed RiskLens’ FAIR training, or learned about FAIR through self-study, pursuing the Open FAIR Certification is a worthwhile goal. As more large companies and regulatory bodies accept FAIR as a leading methodology for quantitatively analyzing risk, the Open FAIR Certification is becoming increasingly valuable. 


Video: CISOs and Board Members Talk Closing the Communication Gap

Nov 15, 2017 12:51:46 PM / by Jeff B. Copeland posted in FAIR, Risk Management, Fair Conference 2017


“It’s relatively rare that you get security leaders and board members together on a panel to talk about things,” says Wade Baker, who moderated “What CISOs Need to Tell the Board About Cyber and Technology Risk” panel discussion at FAIR Conference 2017


What Metrics Matter in Risk Management? [Video]

Nov 9, 2017 2:08:09 PM / by Isaiah McGowan posted in FAIR, Risk Management, Fair Conference 2017


Dashboards. Metrics. Data. Everybody has them; most don’t know how to use them effectively. It’s a bold statement; but, according to Jack Jones and Jack Freund it is a truism in the risk management field.


When Non-Compliance Is A-OK [Video]

Nov 8, 2017 2:50:16 PM / by David Musselwhite posted in FAIR, Risk Management, Fair Conference 2017


“You are clearly out of compliance with a federal law.” When you, as a risk management professional, hear this, what is your first reaction?

A. “Yikes! We better fix that immediately!”
B. “That sounds like a problem for the Compliance Department?”
C. “So what? The government has its hand in everything, let us run our business!”
D. “Hmm…let’s perform a risk analysis and see if we should be concerned.”
