FAIR leaders from Walmart, Chevron and Hewlett Packard Enterprise sat down with FAIR creator Jack Jones for a panel discussion at the recent FAIR Conference 2017 to talk over the unavoidable mindset changes that go along with successfully introducing the FAIR risk model to an organization.
The two big takeaways of the discussion, as Jack summed up:
"First, every organization is going to be different in terms of the starting point along the journey and what they hope to get out of it.
"Second, every organization. regardless of their starting point or objectives, faces similar challenges that really boil down to the social and political dimensions of change management."
Joel Baese, Head of Information Security Risk Assessment and Analysis, Walmart
Drew Simonis, Senior Director, Cyber Risk & Governance, Hewlett Packard Enterprise
Carl Conrad, Manager, Enterprise Architecture Management Systems, Chevron
The session was filled with actionable tips from these corporate security leaders, such as...don't necessarily fight the tradition of the red/amber/green heat map. If needed, work around it by basing the information on FAIR analyses instead of the opinions of the "experts".
"It was great how candid they were about the nature of the challenges and how they approached them," Jack said. He continued: "I think that regardless of where your organization is or hope to go from a risk management perspective, there’s going to be something in this panel for you because you’ll get exposed to the differences as well as the commonalities and solutions for the different challenges."
For more tips on the social side of introducing FAIR to your organization, see the entire video of the panel discussion on the FAIR Institute’s Member Resources page (free membership required). Here's a preview video: