Quantifying Cyber Risk with FAIR and RiskLens

By Tiziana Barrow | January 10, 2019


You may have been asked by your board, the CIO or the CISO to quantify cybersecurity risk to assess your top risks in financial terms (dollars and cents), prioritize your risk mitigations based on business impact and demonstrate the value that cybersecurity initiatives bring to your organization. And you might be wondering how leading organizations are doing that.

The International Information System Security Certification Consortium or  (ISC)², recently hosted an educational webinar that introduced its members to FAIR, the only international standard quantification model for information security and operational risk, and to the RiskLens application, that was purpose-built on FAIR and that is helping many large organizations quantify cybersecurity risk in dollars and cents.

The hour-long webinar titled  “Pragmatic Cyber Risk Quantification” was lead by Jack Jones, the original author of FAIR, and by FAIR expert Cody Whelan. Jack introduced the audience to the basic concepts of FAIR and highlighted the importance of clear nomenclature, context and assumptions for cyber risk analyses. Cody followed with a 20-minute live demo of the RiskLens platform that guides users through FAIR-based risk analyses, step by step, using a templated best-practice workflow and leveraging out-of-the box data libraries.