One form of analysis that risk analysts perform are “emerging risk” assessments. These assessments are performed ad-hoc, when there is a perceived change in the risk landscape. This change can take the form of a new threat community, new attack methods, recently identified vulnerabilities, etc. The resulting question is typically “How much does this new risk issue matter to us?
FAIR is an ideal method to analyze these emerging risk issues, especially when the quantitative results speak both to IT and Business stakeholders. Recently, we have conducted several analyses for our customers to assess the risk associated with Ransomware. Recent incidents related to Ransomware as well as industry articles have been fueling this increased demand.