A ringing endorsement this morning from Dark Reading for cyber risk quantification and the FAIR model in Terry Sweeney’s article How to Create Smarter Risk Assessments.
“Quantitative measurements – likelihood of loss, hard-dollar financial impact – are what executives and directors need to make more informed decisions about security risks,” Sweeney writes.
“CISOs and security professionals have to learn (and master) the language…Qualitative measures won’t cut it like they used to (so long, traffic signal graphics!).”
“Generating consistent buzz is the risk framework from the Factor Analysis of Information Risk Institute (FAIR), which, by most accounts, comes closest to delivering on the quantitative risk approach.”
Dark Reading extensively quotes RiskLens CEO Nick Sanna in the article, on the increasing demands on CISOs from boards and senior management:
“It used to be, ‘Tell us how bad it is,’ but now it’s more a case of ‘We’re giving you money… we need to know what we’re getting in return’,” Nick said, adding that pressure from the SEC on boards to assess risk in financial terms is also a major driver.
Read How to Create Smarter Risk Assessments in Dark Reading.