And, as a chief risk officer (CRO), we’re also guessing you may have been told by your IT risk people that cyber risk can’t be quantified—the threats change so fast, the data is too hard to get, it’s fundamentally unlike other forms of risk.
We’re making one last guess that you’re hearing from your senior management or board of directors that, after so many high profile, costly data breaches and other cyber attacks, the urgency is on to inform them of cyber risk in the same sort of quantified hard money terms you use on other risks, not the squishy high-medium-low risk reporting you may be getting now from IT.
So we put together this collection of guides as a short-course introduction to FAIR (the model that drives the RiskLens platform) and cyber risk quantification.
High level, FAIR is:
An Executive’s Guide to Cyber Risk Economics by Jack Jones, the creator of FAIR.
Jack lays out, in non-technical terms, how FAIR works to identify and prioritize risk, and to point the way to the most cost-effective mitigation.
RiskLens Risk Report
Part of your job is likely riding herd on a risk committee tasked with defining...
...with representatives from around the business, each with a different perspective on “risk”. Similarly, your security and audit teams may be odds on prioritization of risks.
With FAIR and risk quantification, disparate teams and departments can look at risk in the financial terms that are the basis of all their other communication about the business. That makes prioritizing on top risks a whole lot easier.
In fact, FAIR analysis often exposes that what had been considered as risks by the organization aren’t really risks at all or at least don’t represent that much exposure to the organization.
Relevant guides:
No graduate degree required to be a FAIR risk analyst, just good critical thinking skills and a comfort level with numbers. RiskLens offers a thorough online, video-based course in FAIR analysis. And, of course, the RiskLens platform automates many of the steps associated with FAIR risk analysis , for both cyber and operational risk scenarios.
Relevant guides:
RiskLens is the analytics platform built by the creators of FAIR and road-tested by Fortune 1000 companies around the world as a foundation of their cyber, technology and operational risk management.
RiskLens automates the entire FAIR analysis process for rapid results delivered in a business-friendly, non-technical format showing loss exposure in dollars.
Benefits of using RiskLens for FAIR analysis include: