In 2020, FAIR Institute membership passed 10,000, representing more than 40% of the Fortune 1000, and spanning 118 countries. In only five years, use of this open standard approach to risk quantification has reached critical mass and is now recognized by NIST, COSO and HITRUST. Boardrooms are increasingly averse to risk colors and heat maps using ambiguous, ordinal scales. For centuries, the language of business risk has been in dollars and time. IT and cybersecurity risk must embrace the next evolutionary step and learn to speak this language with accuracy and confidence.
This session will explore foundational measurement and quantification concepts, failures of current models and enlightening research. It will also introduce the global standard Factor Analysis of Information Risk (FAIR) concepts and ontology.
Solidify understanding of typically ambiguous terms and concepts surrounding current IT risk management practice.
Demonstrate the failures of current qualitative risk management standards and processes.
Understand the basic concepts of the FAIR risk quantification framework and how its use can integrate IT/cyber risk into the broader business risk construct and discussion.
CISSP, PMP, Open FAIR,
Program Manager, Client Trust, Risk, and Compliance,