A ringing endorsement this morning from Dark Reading for cyber risk quantification and the FAIR model in Terry Sweeney’s article “How to Create Smarter Risk Assessments.”
“Quantitative measurements – likelihood of loss, hard-dollar financial impact — are what executives and directors need to make more informed decisions about security risks,” Sweeney writes.
“CISOs and security professionals have to learn (and master) the language…Qualitative measures won’t cut it like they used to (so long, traffic signal graphics!).”
“Generating consistent buzz is the risk framework from the Factor Analysis of Information Risk Institute (FAIR), which by most accounts, comes closest to delivering on the quantitative risk approach.”
Dark Reading extensively quotes RiskLens CEO Nick Sanna in the article, on the increasing demands on CISOs from boards and senior management:
“It used to be, ‘Tell us how bad it is,’ but now it’s more a case of ‘We’re giving you money… we need to know what we’re getting in return’,” Nick said, adding that pressure from the SEC on boards to assess risk in financial terms is also a major driver.
Read “How to Create Smarter Risk Assessments” in Dark Reading.
Get trained in FAIR cyber risk quantification and learn to measure, manage and communicate about risk in financial terms. RiskLens is the world leader in training security and risk professionals on the FAIR risk model.
Learn About FAIR Training and Certification