
1778549 - Introduction to the Factor Analysis of Information Risk (FAIR) risk quantification standard

Oct 19, 2021 11:45am

In 2020, FAIR Institute membership passed 10,000, representing more than 40% of the Fortune 1000, and spanning 118 countries. In only five years, use of this open standard approach to risk quantification has reached critical mass and is now recognized by NIST, COSO and HITRUST. Boardrooms are increasingly averse to risk colors and heat maps using ambiguous, ordinal scales. For centuries, the language of business risk has been in dollars and time. IT and cybersecurity risk must embrace the next evolutionary step and learn to speak this language with accuracy and confidence. This session will explore foundational measurement and quantification concepts, failures of current models and enlightening research. It will also introduce the global standard Factor Analysis of Information Risk (FAIR) concepts and ontology.

Learning Objectives:

  • Solidify understanding of typically ambiguous terms and concepts surrounding current IT risk management practice.
  • Demonstrate the failures of current qualitative risk management standards and processes.
  • Understand the basic concepts of the FAIR risk quantification framework and how its use can integrate IT/cyber risk into the broader business risk construct and discussion.



