As interest in risk quantification, the FAIR model (Factor Analysis of Information Risk) and the RiskLens platform grows, visits to our blog are soaring. In 2017, blog readers were interested in improving their risk registers and heat maps, in figuring out how to present cyber risk to the board, and identifying their top risks—but the common theme was how to communicate about risk in terms the rest of the business understands, dollars and cents.
Here in reverse order are the ten most popular posts published on the RiskLens blog in 2017, based on page views:
10. A wrap-up of a panel discussion among CISOs and Board members at the 2017 FAIR Conference, this post presents tips on translating from tech-speak to the wide-angle business perspective of the board—like “keep it simple” and “move the focus beyond security incidents.”
9. This short, clearly written book by Jack Jones, creator of the FAIR risk model, makes the case for managing risk from the business perspective. Jack sets the stage for any organization making the move to quantifying risk in financial terms as a basis for sound decision-making.
8. It’s a common question from the Board or upper management: “What are our Top 10 risks?” Easier asked than answered without a consistent, repeatable way to analyze and rank your risks. This post is a roundup of other posts that, together, prepare you to answer the big question.
7. The RiskLens platform runs your data through a vast range of scenarios to produce the clearest view of the probable outcomes you face, even with limited data. It’s called Monte Carlo Simulation—watch this video by RiskLens training lead David Musselwhite and you’ll understand how Monte Carlo works and why it’s critical to accurate estimation of risk.
6. This major post by RiskLens co-founder and President Steve Tabacek is a blueprint for operationalizing quantitative risk analysis (OQRA): a detailed walk-through from foundation to ongoing risk management with FAIR, and a must-read for any organization making the move to a quantitative risk management program.
5. RiskLens VP and veteran FAIR analyst Chad Weinman says, “We often get asked this question: ‘How do we take our scrambled-up mess of a risk register and turn those items into more well-formed risk scenarios for us to then go ahead and quantify and measure?’” In this short video, Chad whiteboards the answer.
4. No wonder this post was one of the most popular of 2017—so many organizations struggle with these colorful charts, so easy on the eyes but so often based on sloppy thinking about risk. In this post, RiskLens consultant Cody Whelan shows you how to keep the heat map but build it on a solid foundation of objective, quantitative analysis.
3. The April announcement of the integration of the RiskLens risk quantification platform with the popular RSA Archer Risk Register caught a lot of attention among risk professionals. Now analysts can associate “high” risk register entries with loss exposure calculated in accordance with the FAIR standard, a major advance in the spread of quantitative risk management.
2. In a year when data breaches, ransomware and other cyber attacks impacted the bottom line of so many large companies, this blog post clearly rode a wave of worry among board members and senior managers, who found themselves urgently needing to understand the information and technology risk posture and procedures at their companies.
1. The most excitement among blog readers this year was generated by the new, self-paced video and online training program on FAIR, taught by RiskLens consultants with extensive experience implementing risk quantification in a wide range of organizations. Sign-ups for the course are running well ahead of expectations, too.
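The Monte Carlo post above describes the platform running a scenario through many simulated years to turn range estimates into probable dollar outcomes. The following is an added example, not RiskLens code and not from the video, that does the same thing in miniature for one FAIR-style scenario: loss event frequency and per-event loss magnitude are each given as calibrated min / most likely / max estimates (the scenario numbers are constructed, hypothetical values), sampled from a PERT distribution, and combined over 10,000 simulated years into an annualized loss exposure with percentiles and a loss-exceedance probability. The function and variable names are the example's own.

```python
import math
import random

# Constructed, hypothetical FAIR-style scenario (not real RiskLens data).
# Each factor is a calibrated estimate: (minimum, most likely, maximum).
SCENARIO = {
    "name": "Ransomware on file servers (constructed example)",
    "frequency": (0.5, 2.0, 6.0),            # loss events per year
    "magnitude": (50_000, 200_000, 1_500_000),  # USD lost per event
}


def pert_sample(rng, low, mode, high, lam=4.0):
    """Draw one value from a PERT distribution (a scaled beta) over [low, high]."""
    if high == low:
        return low  # degenerate estimate: no uncertainty to sample
    alpha = 1.0 + lam * (mode - low) / (high - low)
    beta = 1.0 + lam * (high - mode) / (high - low)
    return low + rng.betavariate(alpha, beta) * (high - low)


def poisson_sample(rng, lam):
    """Number of events in one year given an expected rate (Knuth's method)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_loss(scenario, iterations=10_000, seed=1):
    """Return one simulated annual loss (USD) per iteration.

    Each iteration is one simulated year: draw an event rate, draw how many
    events actually occur at that rate, then draw and sum a loss for each.
    """
    rng = random.Random(seed)  # fixed seed so results are reproducible
    losses = []
    for _ in range(iterations):
        rate = pert_sample(rng, *scenario["frequency"])
        n_events = poisson_sample(rng, rate)
        year_loss = sum(pert_sample(rng, *scenario["magnitude"]) for _ in range(n_events))
        losses.append(year_loss)
    return losses


def percentile(values, pct):
    """Nearest-rank percentile of a list of numbers (pct in 0..100)."""
    ordered = sorted(values)
    idx = int(round(pct / 100.0 * (len(ordered) - 1)))
    return ordered[min(idx, len(ordered) - 1)]


def summarize(losses):
    """Condense simulated annual losses into the figures a board slide needs."""
    return {
        "mean": sum(losses) / len(losses),
        "p10": percentile(losses, 10),
        "p50": percentile(losses, 50),
        "p90": percentile(losses, 90),
        "max": max(losses),
    }


def exceedance_probability(losses, threshold):
    """Fraction of simulated years whose loss exceeds the threshold."""
    return sum(1 for loss in losses if loss > threshold) / len(losses)


if __name__ == "__main__":
    annual = simulate_annual_loss(SCENARIO)
    stats = summarize(annual)
    print(SCENARIO["name"])
    for key, value in stats.items():
        print(f"  {key:>5}: ${value:,.0f}")
    print(f"  P(loss > $1M in a year): {exceedance_probability(annual, 1_000_000):.1%}")
```

The mean of the distribution is the annualized loss exposure; the p90 and the exceedance probability are the numbers that let a "high" register entry be compared with others in dollars rather than colours, which is the point the heat-map and risk-register posts above are making.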
Have a happy and prosperous New Year!