Risk analysis – nobody wants to do it, but everybody wants the answer when it’s done. Business today is full of qualitative methods for assessing risk, but these tend to fall short of giving Information Security professionals the tools to express risk in a meaningful way. FAIR (Factor Analysis of Information Risk) was recently adopted by the Open Group as a quantitative method for understanding Information Security risk. This session will provide an understanding of OpenFAIR, complete with colour commentary about implementing FAIR in real life and why people are terrible at estimating risk.
October 22, 2014 | Management (718b) | 13:25 – 14:25