One of the most significant barriers to effectively measuring and communicating about risk is the imprecise use of fundamental nomenclature. And if we don’t excel at measurement and communication, then we can’t begin to claim a meaningful level of maturity as a profession or for the risk management programs where we work. With this in mind, one of the first deliverables from the inaugural Cyber Risk workgroup is a short white paper that clarifies what a risk is, and isn’t. This paper is being delivered to workgroup members in advance of the next call in hopes of getting everyone on the same page from a nomenclature perspective.
Once this is accomplished, we can begin to delve into more meaty questions and concerns regarding risk measurement and management. If you haven't already signed up for this workgroup and you're interested in taking part, it's not too late to sign up. If the inaugural call in December is any indication, this is going to be a very active and productive workgroup!
If you are not yet a member of the FAIR Institute, do get involved by clicking the button below. If you are already a member, please log on to the Member Resources Center to find the document titled,"A Clarification of "Risks"?" in the white paper section.