At RSA Conference 2020, Demand for Risk Quantification and FAIR™ Everywhere

By Jeff B. Copeland | March 16, 2020


Talk about positive feedback – the RiskLens team heard buzz about cyber risk quantification and FAIR™ everywhere at this week’s RSA Conference 2020. RSA itself had set the tone before the conference, naming risk frameworks (including the FAIR standard for risk quantification that’s a key element of the RiskLens FAIR Enterprise Model RF-EM™) as one of the top themes of the year in its trend report.

Among the events RSA scheduled centering on FAIR:

  • Two half-day seminars introducing FAIR, led by RiskLens Chief Risk Scientist (and FAIR inventor) Jack Jones, Director of Risk Science Jack Freund and Professional Services Team members Chad Weinman and Rachel Slabotsky, attended by 700 conferencegoers.
  • Sessions on implementing quantitative risk management in federal government agencies, on maturing cyber risk practices (led by RiskLens Risk Science Director Jack Freund) and on tips for running quantified risk assessments from FAIR practitioners at ADP and PNC Bank.

Off-campus, the FAIR Institute’s annual breakfast meeting featured speakers from Fannie Mae and Ascena Retail, discussing their quantified risk management program implementations (see the Institute’s blog post on the breakfast for details). The RiskLens Academy ran a well-attended two-day FAIR Fundamentals course.

Meanwhile, the RiskLens crew was fully scheduled with client and prospect meetings, talking up the newly introduced RF-EM.

The meetings offered a good cross section of the current thinking on the state of risk management, and here are the takeaways from RiskLens CEO Nick Sanna:

“I’ve been in meetings with industry leaders in security, IRM, risk ratings, third-party risk management vendors and application security vendors.”

“They are getting requests that the value of their solutions be articulated in business terms.”

“All of these categories are coming to the conclusion that cyber risk management in the future will be quantitative and the model that will be used in the future is FAIR and the best platform to do quantitative cyber risk management at scale is RiskLens.”

“This is leading us to consider integrating with many of these players over the course of the next year, and ensure that quantitative risk assessments become embedded in wider cybersecurity strategies.”

RiskLens already is integrated into leading GRC and IRM platforms – that’s Orion Suydam, Vice President of Product in the photo demonstrating the RiskLens-ServiceNow integration at RSAC 2020 – but stay tuned.