Writing in the Journal of Cyber Policy, Hugh Taylor recognizes the FAIR model, and the RiskLens platform that operationalizes it, for making it “possible to estimate the financial impact of a risk within a certain range,” opening the way to “manage risks as a way to mitigate their potential financial impact.”
Taylor, a respected author of books on enterprise SOA, SOX compliance and other security, risk and compliance topics, writes that “RiskLens is complementary to threat intel processes” with a goal to “translate threats into a financial assessment of risk exposure.”
RiskLens “can also be used to do ‘what if’ modeling of potential threats,” Taylor adds, and, he points out, has been adopted by consultancies and MSSPs such as RSA, ServiceNow and Protiviti.
Taylor tells the story of how RiskLens Risk Science Director Jack Jones came to the realization in his work as a CISO that “Security is a business issue. Security managers need to talk about their work in terms of dollars and probabilities. Vague requests will never accomplish much.
“Jones then went on to develop the FAIR model, a framework that can reliably measure cyber risk [in] qualitative and quantitative terms.”
Read Hugh Taylor’s post in the Journal of Cyber Policy “Advances in the Quantification and Management of Risk.”