Video with Slides | Case Study
All slide decks are attached for download below.
Chris Porter, CISO, Fannie Mae - FAIR Institute Breakfast Meeting during RSAC20
Chris gave examples of how FAIR revealed insights for cost-cutting that went beyond bread-and-butter decisions on comparing cybersecurity controls. Fannie Mae was able to reduce its exposure to potential data breach credit monitoring and notification costs by changing contracts to eliminate holding Social Security numbers and reduce its cyber insurance premiums by fine-tuning the policy to avoid over-paying for lower risks.
Mark Tomallo, CISO, Ascena Retail - FAIR Institute Breakfast Meeting during RSAC20
Mark described a well thought-out plan to engage different stakeholders, starting with switching to FAIR nomenclature in all risk conversations, involving SME’s and line-of-business owners to create loss tables, gathering top risks lists from VPs, running FAIR analyses in stealth mode and exposing results to stakeholders when it serves their interests. Mark said he knew he was succeeding when he turned back a finding from audit on a “material weakness” over default passwords that, under FAIR analysis turned out to be a negligible risk.