Webinar – Automated Breach & Attack Simulation vs Penetration Testing to validate security controls
Webinar - Automated Breach & Attack Simulation vs Penetration Testing to validate security controls Register now Register now
Why use the FAIR Model to quantify Cyber Risk for 3rd parties?
Why use the FAIR Model to quantify Cyber Risk for 3rd parties? Historically, questionnaires and or risk scoring have been the traditional tools used to evaluate the risk a 3rd party poses to an organisation. The Findings from questionnaires and risk scoring are often incredibly technical and complicated and are generally presented in heatmap style – red, orange, yellow, green – accompanied by a score and or letter grade, which aren't very useful in quantifying Risk to the business. To understand what the FAIR Model has to offer, let us first look at what we need to articulate to the Board or C-Level. In simplistic terms let’s begin by considering what Risk a 3rd Party could pose to an organisation if they were to share 2,000 data records with them. The Board or C-Level wants to know in financial terms what the cost to business will be if the 3rd Party is breached