Two of the most important elements of a successful risk management practice are measuring and communicating risk. A repeatable, consistent framework for measuring risk is vital. We also need a way to communicate the results of those assessments to business partners in a manner relevant to them.
From the Factor Analysis of Information Risk whitepaper “FAIR provides a framework for understanding, analyzing, and measuring information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.”
This presentation will show how FAIR provides a common taxonomy for assessing risk, how it allows us to measure risk in a manner that is repeatable and supportable and finally how we can communicate that risk effectively.