Posted November 21, 2018 by Tim WynkoopI recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.
Posted August 20, 2018 by Tim WynkoopI recently worked with a retail organization to run a FAIR analysis on an audit finding and settle a difference between the IT and Internal Audit teams. It’s a simple story but one that shows the power of quantitative risk analysis to get beyond guesswork and gut feelings
Posted May 3, 2018 by Tim WynkoopIn 2017, the shipping giant Maersk had to halt its global operations to reinstall its entire IT infrastructure-- 4,000 servers and 45,000 PCs-–after the NotPetya ransomware locked up its machines; the cost in lost business and remediation could hit $300 million.
Posted March 9, 2018 by Tim WynkoopThe FAIR model (and the RiskLens risk quantification application built on it) are all about a disciplined way to talk about risk, including being very specific about the types of loss
Posted February 26, 2018 by Tim WynkoopI was recently asked if Factor Analysis of Information Risk (the FAIR model) could be used to save time. Interesting conundrum.
Posted January 31, 2018 by Tim WynkoopWith the opportunity to work with a variety of customers throughout their RiskLens journey, I frequently get asked the question about which of our quantitative risk reports provide the most bang for the buck when an organization is trying to make a risk-related decision.
Posted January 31, 2018 by Tim WynkoopFirst, let me say I am a little biased. I think Factor Analysis of Information Risk (FAIR) should be part of every risk management program. With two different financial institutions in my work history, my hindsight is 20/20.
Posted January 11, 2018 by Tim WynkoopThe infosecurity team at a large financial institution had finally hit the dead end on red-yellow-green, subjective measurement. Its residual and inherent risk “scoring system” could produce colorful heat maps.
Posted August 24, 2017 by Tim WynkoopAt RiskLens, we figure risk as the probable frequency and probable magnitude of a future loss – in other words, how often losses are likely to happen and how much loss is likely to result.
Posted July 27, 2017 by Tim WynkoopIn my work as a RiskLens analyst, I’m privileged to be invited by our clients to take a deep look at their risk processes, and to help guide them through some serious thinking on difficult topics, and not just about the risks faced by the company. Implementing RiskLens and the FAIR model also means changing some longtime beliefs about risk analysis and risk management.