In this webinar, Cyber Intelligence Analyst Samantha Chamberlin, tells how Fannie Mae uses FAIR™ to solve the common problems of both threat intelligence and risk analysis teams, particularly the challenges of gathering information from technical SMEs and communicating information to non-technical business leadership.
“FAIR enables us to better connect across the organization because we do need to bridge the gap between information security and the business when doing assessments,” Samantha says. “These relationships that we are building through our various FAIR assessments makes our recommendations more defensible when we go to leadership because they are not only based on research but on the knowledge that we received from people across the organization.”
Watch the Webinar: Fannie Mae Cyber Intelligence Team Drives Culture Change Around Risk Using FAIR. A FAIR Institute Contributing Membership is required.
Key points Samantha covers:
- Similarities between the threat intelligence and FAIR risk scenario life cycles and how they can feed into each other.
- How to get targeted information from SMEs by applying FAIR analysis to establish attack vectors and controls strength
- How Fannie Mae re-started its threat intel and risk programs with a FAIR/RiskLens top risks identification workshop. “We can say these are the top risks in impact so now we will make sure to have an eye on those types of scenarios so if there is a shift in pattern [by threat actors], we are prepared for that.”
- How to use FAIR concepts and methodology to assess the threat of a vulnerability in the wild in response to management concerns.
- How Fannie Mae invites participants to table-top exercises to introduce FAIR thinking across the organization.
Learn more about FAIR at Fannie Mae: Watch this video by Musso Shaikh, Program Manager, Cyber Threat Intelligence, at Fannie Mae from her presentation at a FAIR Institute Breakfast: 4 Tips for Starting Your FAIR Program.