Video with Slides
Video Recording and Slide Deck Below
Organizations starting out on their FAIR journey have probably heard the pitch several times by now: the qualitative High Medium Low “risk ratings” don’t cut it anymore. They’re too subjective and, quite frankly, tell decision makers nothing about the risks to their organization. But how does a company buy in to the FAIR methodology for quantifying cyber risk when executives, program managers, and risk analysts are still accustomed to the Red Yellow Green heatmaps?
Insert Cyber Intelligence. At Fannie Mae the success of our program can be attributed to launching the program from within the Threat Detection and Response’s Cyber Intelligence Team. This has been successful because a mutually beneficial relationship exists between cyber intel and quantitative risk assessments via FAIR. Threat intel benefits FAIR assessments by providing an accurate picture of the threat landscape supporting the creation of a cyber risk scenario register grounded by real world events and data.
Conversely, FAIR assessments performed in the RiskLens platform provide threat intel a common lexicon, based on monetary values, in which to interface with senior executives. The objective of this presentation is to show how Fannie Mae’s FAIR Risk Quantification program has matured by integrating threat intelligence into FAIR assessments and share the ways in which we are driving cultural change within the organization.
Presenter contact information:
Samantha Chamberlin, firstname.lastname@example.org