Streamline Your Risk Assessment Process with FAIR

Streamline Your Risk Assessment Process with a FAIR Focus - RiskLens Enablement ServicesDo you perform cyber risk assessments over policy exceptions, audit findings, or end-user software?  Have you tried to create a risk assessment process flow diagram and had to struggle? Then RiskLens Enablement Services are for you.

As part of Enablement, the RiskLens Professional Services team can help you define, refine, or optimize your risk processes by focussing on one core methodology: FAIR, the international standard for quantitative cyber risk analysis.

This type of engagement with RiskLens involves the following activities:

  • Performing a review of your current workflow
  • Developing an overall workflow with FAIR
  • Adjusting the workflow for one or two risk assessments being performed
  • Updating the workflow after items have gone through it

I recently had the opportunity to help an organization that is developing their FAIR based risk program full-steam-ahead but was struggling with defining the related processes.  Like most organizations, this customer was running multiple different processes and workflows across the organization and was having trouble developing efficiency and repeatability across assessments.


Tim Wynkoop is a Risk Consultant for RiskLens


By working with the organization and getting into the weeds, we were able to find out how to best build a FAIR mindset into their current risk assessment process. The entire process was very enlightening, with quite a few additional positive unintended outcomes by just getting all the process owners in the same room.

This is a good way for your organization to take something you are already doing and add some additional structure around it with a FAIR mindset.  By streamlining your risk assessment process with FAIR, you can not only understand the amount of risk associated with a particular policy exception or an audit finding but also apply the same base analysis to other related scenarios in order to gain efficiency and consistency.

The review and development of the workflows can be completed in just two days.

As another example of how to build a FAIR mindset in to your program, check out this blog post by my colleague Taylor Maze: How to Conduct a Security Exception Review Using FAIR.

Let us help add value to your FAIR-based risk program. Contact RiskLens now.   


The Wall Street Journal writes that “FAIR is gaining traction” as the cyber risk analytical model of choice among sophisticated organizations. No wonder that membership in the FAIR Institute has grown by leaps (to over 5,000) and an estimated 30% of the Fortune 100 companies now use FAIR for cyber risk analysis.