- Leverage the FAIR Risk Methodology to consistently measure Inherent (current state) and Residual Risk (desired state)
- Enable consistent data collection and measurement of both Loss Event Frequency and Loss Magnitude
- Understand risk scenarios including specific threat agents and data assets to quantify risk
High Level Approach
We conduct risk management workshops to document program requirements and known risks, and plan how to incorporate the FAIR methodology.
Framework & Program Development
We integrate the FAIR Risk Management framework with your Security Strategy and Roadmap. We design program material templates to support processes for future repeatability.
Workshop & Acceptance
We conduct workshops to demonstrate the framework and new program in action. We incorporate feedback into the final templates and program documentation.
Identify Crown Jewels
- What is important to you?
- What is your competitive advantage?
- What is valuable to others?
- Where do these assets live?
- Who has access to them?
Draft Risk Scenarios
- Are assets at risk of breach of Confidentiality, Integrity or Availability?
- Which type of events could impact your business?
- Which threat actors are motivated to cause risk events?
- Which controls prevent your top risk scenarios from occurring?
- How mature are those controls?
- Are those controls operating effectively?
- How should you prioritize control enhancements?
- How will you utilize risk to drive new initiatives?
- How can you justify the cost of controls against potential loss?
- How will you identify new and emerging risks?
Want to align to another framework? Find out how we can help!
We can help you measure the effectiveness of your programs and align to several industry-standard frameworks such as ISO 27001, HIPAA, MITRE ATT&CK, and more.