Measure The Value of Controls
Can you say which is the most valuable control in your cybersecurity program? The least valuable? Why are those questions for the cybersecurity and risk management professions difficult to answer? We have frameworks that list recommended controls but provide no insight into the effectiveness of those controls for risk reduction, either on their own or as a system. It’s like practicing medicine based on anatomy – an inventory of body parts – without physiology, the knowledge of how they work together.
The FAIR Controls Analytics Model™ (FAIR-CAM™), i.e. control “physiology”:
- Enables empirical measurement of control efficacy and value
- Accounts for individual control functionality as well as systemic effects
- More effectively leverages cybersecurity telemetry