If you’re considering introducing FAIR to your organization, building a quantitative risk management program, and enabling cost-effective decision making but are unsure of how to take the next (or first) step, the new eBook from FAIR creator Jack Jones An Adoption Guide for FAIR, is an action plan in seven steps. It provides you with descriptions of what you’ll need to lay the groundwork, keys to short- and long-term success, plus use cases, value propositions—and tips on getting past the roadblocks you’re likely to encounter on the journey.
The advice you’ll find comes directly from RiskLens' experience helping dozens of organizations across the Fortune 1,000 leverage FAIR and adopt it enterprise wide using the RiskLens platform.
The Guide covers these seven steps towards FAIR success:
1. A Foundation for Adoption
How to find the right problem to solve with cyber risk analytics—and the right people with critical thinking skills to staff the program.
2. Dimensions of Adoption
Starting small and scaling up: How to right-size a FAIR program to fit your organization.
Identifying stakeholders, socializing and demystifying the FAIR approach to risk measurement, zeroing in on pain points you can heal.
4. Selecting an Initial Objective and Strategy
Jack suggests six short-term analytic projects you might try, including cost-benefit analysis of a major security investment and “swamp draining” AKA cleaning up a risk register.
5. Achieving the Initial Objective
Critical building blocks: FAIR training, project management, software, data, reporting and decision-making are discussed.
6. Potential Adoption Challenges
How to counter unreasonable expectations, misperceptions about risk measurement and more problems.
7. Long-Term Integration
After your initial success, how to bake FAIR into your organization’s decision-making and risk management processes.
As Jack concludes, “the good news is that you’re in good company. The pace of FAIR adoption is growing rapidly, which means that you’re less likely to have to forge new ground…Furthermore, a growing number of board members, business executives, regulators, auditors and chief risk officers are becoming aware of FAIR and its benefits and these stakeholders are raising the bar for their organizations.”
Organizations compete at many levels, including how well they assess and manage their top risks and how cost-effectively they prioritize their risk mitigation initiatives. Discover how you can also gain that competitive edge by building a FAIR-based risk management program.