Posted August 20, 2018 by Jeff B. Copeland
The Institute behind the FAIR model (that’s Factor Analysis of Information Risk) that RiskLens supports as a Technical Advisor recently passed two milestones that confirm the growing movement to quantitative risk analysis and FAIR, the only international standard for quantification of information security and operational risk.
Posted August 20, 2018 by Tim Wynkoop
I recently worked with a retail organization to run a FAIR analysis on an audit finding and settle a difference between the IT and Internal Audit teams. It’s a simple story but one that shows the power of quantitative risk analysis to get beyond guesswork and gut feelings
Posted August 16, 2018 by Rachel Slabotsky
I recently worked with a large financial services organization to analyze a data breach scenario and determine the potential risk reduction (in terms of dollars and cents) that would result from implementing tokenization on key fields within a database cluster containing PII information.
Posted August 10, 2018 by Taylor Chester
We’ve seen it happen: IT risk analysts who get trained on the FAIR model for cyber risk quantification, and spread the word to their internal clients, stakeholders, managers and even up to the board of directors, experience sudden feelings of accomplishment
Posted August 7, 2018 by Jeff B. Copeland
If you’re looking for a no-prerequisites introduction to the FAIR model for cyber risk analysis and the RiskLens application for cyber risk quantification that runs on FAIR, take under an hour to listen to Cary Wise, our risk consultant and veteran of introducing FAIR to a long list of businesses like yours.
Posted August 1, 2018 by Bryan Smith
Have you ever looked at the results in a RiskLens risk analysis and wondered what's the probability that a loss will hit the max? Or looked at the results and tried to answer how much risk you are comfortable with? If so, the new Loss Exceedance Charts introduced in RiskLens 2.2.7 are your answer.
Posted July 31, 2018 by Jeff B. Copeland
The influential International Standards Organization (ISO) updated its standard for risk management, ISO 31000, earlier this year, to make it “clearer, shorter and more concise,” the ISO said.
Posted July 31, 2018 by Jeff B. Copeland
The 2017 Enterprise Risk Management Benchmark Survey by The Risk Management Society (RIMS) found that 73% of organizations surveyed across 14 industries report “either having fully or partially integrated ERM programs in operation” and 61% said that ERM informs and influences their corporate strategies. The driver is the increasing interdependence of risks facing enterprises
Posted July 24, 2018 by Jeff B. Copeland
RiskLens has partnered with the FAIR Institute to present the 2018 Risk Management Maturity Survey. Answer these structured questions to rate your risk management team’s processes and benchmark them against your peers.
Posted July 23, 2018 by Jeff B. Copeland
In a recent blog post by Jack Jones on Dark Reading, the creator of the FAIR model for cyber risk quantification analysis writes that “as a profession, we've been saying for a long time that we need to speak the language of business