FAIR Use Case: Introducing Quantitative Risk Management at Fashion Group Richemont

FAIRCON21 - Cedric De Carvalho - Richemont 2If you’re introducing FAIR™ and cyber risk quantification to your organization, look at this presentation from the 2021 FAIR Conference by Cedric De Carvalho, Cyber Risk Manager at Richemont International SA, corporate home to 26 luxury brands (or “maisons,” including Cartier watches and jewelry and Mont Blanc pens). You might want to just copy Cedric’s slides – they’re an effective, high-level, visual view of the value of FAIR. 


Practitioner Use Case Panorama

FAIR Institute members can watch the video of this FAIRCON21 session in the LINK member community. Not a member yet? Join the FAIR Institute now, then sign up for LINK. 

Cedric started by setting FAIR entirely in a business, not a cyber-technical context:

FAIRCON21 - Richemont Slide 1

“Cyber risk, like any function in the company, is about generating value,” he said.

He presented FAIR as a kind of basic psychological support tool, empowering the business to understand, decide and act on risk because of three features:

FAIRCON21 - Richemont Slide 2

Then he tied FAIR to two guiding principles of security at Richemont, Security Is Everyone’s Responsibility and Security by Design (“meaning that people involve us as soon as possible in different projects. …making us more proactive and less firefighters”) – and emphasizing again that business growth is at the root of security strategy.

FAIRCON21 - Richemont Slide 3

Getting down to use cases, Cedric presented the risk and security team’s projects as a series of building blocks.

FAIRCON21 - Richemont Slide 4

He introduced the notion of industrializing FAIR, taking advantage of the features of his risk management platform to gather data and plug it into analysis:

FAIRCON21 - Richemont Slide 5

And finally, he presented a forward look at where the FAIR program was headed, automating through rapid risk assessment for quick prioritization or, if above risk appetite, passing to analysts for detailed assessment:

FAIRCON21 - Richemont Slide 6

“We think this is the future of cyber risk quantification and cyber risk management as well, to leverage automation.”

See Cedric’s complete presentation in the video Practitioner Use Case Panorama -- membership in the FAIR Institute and the LINK discussion area required. Join the FAIR Institute now.

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37