In a new article for the World Economic Forum, “Strategizing cybersecurity: Why a risk-based approach is key,” Adham Etoom, Co-Chair of the FAIR Institute’s Middle East and Africa Chapter in Amman, Jordan, writes that “modern and effective cybersecurity management entails more than managing technology risk; it encompasses managing business risk,” a core tenet for FAIR practitioners worldwide.
Etoom (who is also Director of Policy and Compliance, National Cybersecurity Center of Jordan) contrasts the commonly used maturity-based approach to cyber risk management (frameworks such as the NIST CSF, for instance) that “relies heavily on subjective assessments” and “may create a false sense of security” with a risk-based approach that
- Is flexible and customizable
- Emphasizes the identification of the most critical cybersecurity risks
- Promotes a proactive cybersecurity culture
To achieve a risk-based cybersecurity program “organizations can use risk quantification methodologies such as quantitative risk analysis and Monte Carlo simulation (i.e., FAIR Model) to measure the potential impact of cyber risks and prioritize risk mitigation efforts,” the World Economic Forum article continues.
The quantitative approach enables cyber teams to set KRIs and KPIs that can be communicated to executive leadership in business terms, ultimately “ensuring an organization is aligned and working towards a common goal.”
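To make the Monte Carlo step above concrete, here is a minimal FAIR-style simulation of annualized loss exposure for one risk scenario. This is an added example, not code from the WEF article or from the FAIR Institute. It assumes that loss event frequency and loss magnitude are each estimated as a calibrated 90% confidence interval and sampled as lognormal distributions, that the number of loss events in a year is Poisson given the sampled frequency, and that the scenario figures (0.5 to 5 events per year, 10k to 500k per event, a 1M tolerance at 5% probability) are constructed placeholders rather than real assessment data.

```python
"""Minimal FAIR-style Monte Carlo simulation of annualized loss exposure.

Added example (not from the WEF article or the FAIR Institute). One risk
scenario is described by two calibrated 90% confidence intervals, sampled as
lognormal distributions, and the resulting loss distribution is reported in
currency terms so it can feed a KRI/KPI discussion with leadership.
All scenario numbers below are constructed, not taken from a real assessment.
"""
import math
import random
from typing import Dict, List, Tuple

Z90 = 1.6448536  # z-score bounding a two-sided 90% interval


def lognormal_params(low: float, high: float) -> Tuple[float, float]:
    """Convert a 90% CI (5th and 95th percentile) into lognormal mu, sigma."""
    if not (0 < low < high):
        raise ValueError("need 0 < low < high")
    mu = (math.log(low) + math.log(high)) / 2.0
    sigma = (math.log(high) - math.log(low)) / (2.0 * Z90)
    return mu, sigma


def sample_event_count(rng: random.Random, rate: float) -> int:
    """Poisson-distributed number of loss events in one year for a given rate,
    obtained by counting exponential inter-arrival times that fit in the year."""
    count, t = 0, rng.expovariate(rate)
    while t < 1.0:
        count += 1
        t += rng.expovariate(rate)
    return count


def simulate_annual_loss(
    lef_ci: Tuple[float, float],
    loss_ci: Tuple[float, float],
    trials: int = 10_000,
    seed: int = 7,
) -> List[float]:
    """Return one annual loss figure per trial.

    lef_ci:  90% CI on loss event frequency (events per year)
    loss_ci: 90% CI on loss magnitude per event (currency units)
    """
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    lef_mu, lef_sigma = lognormal_params(*lef_ci)
    lm_mu, lm_sigma = lognormal_params(*loss_ci)
    losses = []
    for _ in range(trials):
        rate = rng.lognormvariate(lef_mu, lef_sigma)      # this year's frequency
        events = sample_event_count(rng, rate)            # how many events occur
        losses.append(sum(rng.lognormvariate(lm_mu, lm_sigma) for _ in range(events)))
    return losses


def percentile(values: List[float], p: float) -> float:
    """Nearest-rank percentile, p in [0, 1]."""
    s = sorted(values)
    idx = max(0, math.ceil(p * len(s)) - 1)
    return s[idx]


def summarize(losses: List[float]) -> Dict[str, float]:
    """Loss distribution statistics suitable for an executive KPI table."""
    return {
        "mean": sum(losses) / len(losses),
        "p50": percentile(losses, 0.50),
        "p90": percentile(losses, 0.90),
        "p95": percentile(losses, 0.95),
        "max": max(losses),
    }


def exceeds_tolerance(losses: List[float], tolerance: float, max_probability: float) -> bool:
    """KRI check: is P(annual loss > tolerance) above the accepted probability?"""
    frac = sum(1 for x in losses if x > tolerance) / len(losses)
    return frac > max_probability


if __name__ == "__main__":
    # Constructed scenario (hypothetical): 0.5 to 5 incidents per year,
    # each costing 10k to 500k. Replace with calibrated estimates.
    losses = simulate_annual_loss(lef_ci=(0.5, 5.0), loss_ci=(10_000, 500_000))
    for k, v in summarize(losses).items():
        print(f"{k:>5}: {v:>14,.0f}")
    print("KRI breached (P(loss > 1M) > 5%)?", exceeds_tolerance(losses, 1_000_000, 0.05))
```

The output is a loss-exceedance view rather than a single point estimate: the p90 and p95 figures, and the tolerance check in `exceeds_tolerance`, are the kind of business-language KRI the article describes, and changing a control assumption (a narrower frequency interval after adding a detection capability, for instance) shows up directly as a shift in those percentiles.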
The FAIR Institute’s Middle East and Africa Chapter recently held its first summit meeting for FAIR practitioners and learners in the region in Amman, with speakers from the FAIR Institute in the US, as well as Bassam Al Maharmeh, president of the National Centre for Cybersecurity. Read a report on the meeting from The Jordan Times. The FAIR Institute has more than 14,000 members worldwide (join the FAIR Institute as a member).
Join us on Thursday, June 1, 2023, at the FAIR Institute Europe Summit in London