If you’re looking to make a case for budget or other executive support for a cybersecurity program, FAIR™ model creator Jack Jones shows you the way in this webinar, while also sharing some of the basics of starting and running a solid risk quantification program.
Watch the webinar on demand now.
As Jack says, first look to the things executives are rewarded on -- lifting revenue and lowering costs -- and present a risk analysis in the financial terms that enables them to prioritize your initiative against other competing initiatives in the organization, on an equal footing. You’re not going to get there speaking in qualitative terms about reducing high risk to medium risk.
Jack answers some of the frequently asked questions/objections about cyber risk quantification such as: Where do I get the data and will I have enough? The first steps are working with a well-defined model (FAIR is the international standard for cyber and technology risk quantification) that will direct you to the types of data needed and how to apply them, also clearly scoping the scenario to be analyzed to focus data collection. More on scoping here.
Don’t worry, you’ll have sufficient data even if you’re just relying on the estimates of subject matter experts, Jack advises, if their estimates are calibrated (more on calibration here) and the analysis presents the results in a range as a representation of uncertainty, and in dollar terms – see the slide from the webinar below. “Business related measurements always have uncertainty,” Jack says. So, “the playing field is now leveled” for executives looking to compare the relative value of competing investment choices.
Watch the webinar “Use Risk Quantification to Change Executive Priorities and Investments in Security” for more insights and tips from Jack, and stick around to the end when he answers audience questions about starting up a FAIR risk quantification program. A FAIR Institute membership and participation in the LINK community site are required to watch.
Join the FAIR Institute now: With 8,300 members representing 35% of Fortune 1000 companies, we are a growing movement!
Related:
Webinar: Jack Jones on Lessons for Cyber Risk from Military ‘Situational Awareness’
Download ‘Understanding Cyber Risk Quantification: The Buyer’s Guide' by Jack Jones
