If you’re looking for case-study level insights into how FAIR can revolutionize risk management in your organization – or compelling arguments to persuade your peers and management to adopt a business-aligned approach to cyber and operational risk – watch this webinar from the FAIR Institute’s technical adviser, RiskLens.
The RiskLens platform is the only application purpose built on the FAIR model (and the RiskLens Academy is the leader in FAIR training). Webinar presenters are RiskLens Vice President Steve Ward, a veteran of the cybersecurity industry, and RiskLens Consultant Rebecca Merritt, a former Big 4 auditor who now coaches large organizations on implementing quantitative risk analysis programs – in . In this webinar she’ll show you FAIR analysis in action on the RiskLens platform with a case study of risk of data breach in moving to the cloud.
Steve lays out the case for making a move to FAIR:
- Recent massive cybersecurity events like the NotPetya malware jumped the wall from cyber to operational risk, causing major companies like Merck and FedEx hundreds of millions in losses. “That’s woken the sleeping giant,” Steve says. Senior management and boards “are demanding a better view into risk in the organization.”
- Regulators, like the SEC in its recent cybersecurity disclosure guidance document, are calling for regulated companies “in effect, to quantify cyber risk…they are basically decomposing the FAIR model and saying get us these answers.”
- But…standard cyber risk analysis–with its reliance on heat maps, vulnerability counts or technical maturity models -- can’t speak in the financial terms the rest of the business and the regulators demand, the terms of risk quantification in dollars and cents.
Those are the factors driving the worldwide movement to FAIR, Steve points out – not just the growth in FAIR Institute membership (now close to 4,000), but the success of the RiskLens platform, in use at ten of the Fortune 100 companies, and dozens of the Fortune 500. “RiskLens has built itself to be the Rosetta Stone in discussions between cybersecurity and the business…and the business support platform for the CISO and CIRO.”
Rebecca follows up with a look into how FAIR analysts use the RiskLens platform, in this example as decision support in understanding the risk for an organization to move data to the cloud. You’ll see how the application operationalizes the key elements of the analysis:
- Scoping the risk event to be analyzed through a series of guided questions
- Guided data collection, based on internal company data as well as industry data from RiskLens' extensive experience with client engagements
- Running the analysis with thousands of Monte Carlo simulations to generate reports showing a range of probable risk outcomes in dollars for multiple scenarios – decision support that’s instantly communicable to non-technical managers as guidance for cybersecurity investment decisions.