In this webinar, FAIR Institute President Nick Sanna gives the Association for Federal Enterprise Risk Management (AFERM) an introduction to FAIR, the international standard for cyber risk quantification, and a look at how federal agencies are applying the FAIR model to bring cyber risk management in financial terms to government.
Some of the key points Nick covers:
- What are the Federal Government mandates requiring the assessment of cybersecurity risk in terms of probable loss events?
- The problems with the way that many agencies attempt to meet federal directives on risk management, relying on qualitative risk scoring practices that don’t enable effective decision-making.
- The first value that the FAIR approach brings: A common definition of cyber risk that’s compatible with ERM.
- How the FAIR method leads to fresh insights on pricing risk in the federal sector – have you considered the response costs associated with a cyber event such as a data breach?
- Some specific use cases, showing how FAIR quantifies results in dollar terms that clarify decisions on mitigating a data breach scenario and prioritizing POA&Ms based on an agency’s risk tolerance for probable financial losses.
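To make the last two points concrete, here is an added example (not from the webinar or the FAIR Institute) of a FAIR-style Monte Carlo: each scenario is described by calibrated min / most-likely / max estimates of Loss Event Frequency and per-event loss (response cost plus other loss forms), the annualized loss is simulated, and scenarios are ranked against an agency's loss tolerance. The scenario names, dollar figures, and the simplification of treating LEF as an annual rate are assumptions for illustration.

```python
import random
import statistics
from dataclasses import dataclass

@dataclass
class Estimate:
    """Calibrated min / most-likely / max estimate, sampled from a triangular distribution."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        return rng.triangular(self.low, self.high, self.mode)

@dataclass
class Scenario:
    name: str
    lef: Estimate            # Loss Event Frequency: loss events per year
    response_cost: Estimate  # per-event response cost (forensics, notification, recovery), $
    other_loss: Estimate     # other per-event loss forms (productivity, fines, etc.), $

def simulate(s: Scenario, trials: int = 20000, seed: int = 1) -> dict:
    """Monte Carlo annualized loss exposure: LEF x loss magnitude for each simulated year.
    Simplification (assumption): LEF is used as an annual rate rather than a Poisson count."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        magnitude = s.response_cost.sample(rng) + s.other_loss.sample(rng)
        losses.append(s.lef.sample(rng) * magnitude)
    losses.sort()
    pct = lambda p: losses[min(len(losses) - 1, int(p * len(losses)))]
    return {"name": s.name, "mean": statistics.fmean(losses),
            "p10": pct(0.10), "p50": pct(0.50), "p90": pct(0.90)}

def prioritize(scenarios, tolerance: float) -> list:
    """Rank scenarios by mean annualized loss; flag those whose p90 exceeds the agency's tolerance."""
    results = [simulate(s) for s in scenarios]
    results.sort(key=lambda r: r["mean"], reverse=True)
    for r in results:
        r["over_tolerance"] = r["p90"] > tolerance
    return results

# Constructed sample inputs (hypothetical POA&M items, not figures from the webinar).
BREACH_PII = Scenario("Unpatched web app: PII breach", Estimate(0.1, 0.3, 1.0),
                      Estimate(200_000, 500_000, 2_000_000), Estimate(50_000, 300_000, 1_500_000))
BREACH_INTERNAL = Scenario("Lost laptop: internal data", Estimate(0.5, 1.0, 2.0),
                           Estimate(5_000, 20_000, 60_000), Estimate(1_000, 5_000, 20_000))

if __name__ == "__main__":
    for r in prioritize([BREACH_INTERNAL, BREACH_PII], tolerance=500_000):
        print(f"{r['name']}: mean ${r['mean']:,.0f}  p10 ${r['p10']:,.0f}  p90 ${r['p90']:,.0f}"
              f"  {'OVER' if r['over_tolerance'] else 'within'} tolerance")
```

The p10/p90 spread is the "probable loss" range a decision-maker compares against tolerance; the mean drives the ordering of which POA&M to fund first.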
“The word is starting to spread in cybersecurity circles,” Nick says, with FAIR advocates at NASA and the DOE recently briefing OMB on how FAIR and quantification might be applied across the government. A good starting point for any interested federal government risk manager would be joining the FAIR Institute’s Government Chapter.
Related: "How FAIR™ Can Help the US Federal Government Better Prioritize and Right-Size Its Cybersecurity Investments", a blog post by Nick Sanna