Global Resilience Federation (GRF) and The FAIR Institute Announce a New Strategic Partnership to Aid in Quantifying Cyber Risk

Reston, VA USA – October 15, 2018 – Global Resilience Federation (GRF) and The FAIR Institute announced today they have formed a new strategic partnership which will enable GRF members to quantify cyber risk and ascribe a currency value to the unique cyber risk surface of each member organization. Through the partnership, the FAIR Institute - via its Technical Advisor and accredited FAIR Training organization, RiskLens - will offer GRF members discounted training on the globally recognized standard for risk quantification. The agreement also supports a pathway to FAIR certification, and the development of cyber risk quantification programs for GRF member organizations. 

“Leaders within our member organizations continue to face cybersecurity challenges, regardless of whether they have adequate or appropriately applied funding for security. Until now, it has been extremely difficult to translate cybersecurity issues into economic business risk. The training that will be provided by FAIR Institute will empower our members and strengthen their decision making as they mitigate risk for their organizations,” said Cindy Donaldson, president of GRF. “By using the FAIR methodology, members are able to put a monetary value to their cyber risk to help determine where their financial exposure lies, where weak points are in their strategies, and what is financially necessary to secure the most valuable assets for their organizations.”

The FAIR Institute provides a Value at Risk (VaR) model for cybersecurity and operational risk as part of its overall effort to advance the measurement and management of information risk. By arming executives with the ability to measure, manage and report on risk from a business perspective, FAIR allows business leaders to find the proper balance between protecting and running their organizations. Its training program gives security teams the ability to evaluate their attack surface and ascribe a cost to their risk for both immediate redress and strategic planning purposes.

“We cannot understate the significance of this partnership with Global Resilience Federation. As a leading cybersecurity organization focused on information sharing to benefit its members, GRF can leverage FAIR Institute to help its members better understand the impact onto their operations of cyber threats, measure the effectiveness of possible controls, and cost-effectively improve the resiliency of critical systems and infrastructure,” said Nick Sanna, President of the FAIR Institute. “Threats and vulnerabilities are infinite; risk mitigation resources are not. Without a model such as FAIR, that helps prioritize the events that matter the most, we run the risk of spreading our resources too thin and giving the adversaries the advantage.”

The quantification of cyber risk in monetary terms is rapidly becoming a requirement from executive leadership and Boards of Directors, regulatory bodies, and organizations’ customers. As organizations evolve in the way they address security, from a technology to a business lens, and from a compliance to risk-based approach, they must make informed decisions based on accurate data and analysis. This partnership agreement provides GRF members with a discounted rate for the FAIR methodology, which for the first time, enables true cyber risk quantification.

“Assigning a monetary value to risk has been a perennial issue but fortunately industry has finally captured a way to quantify it,” added Donaldson. “GRF will continue to seek out partners that provide value for the unique needs of sharing community members because when we can help inform and defend individual members, we can strengthen our mutual defense against threat actors.”

###

Global Resilience Federation (GRF) is a non-profit hub for support, analysis, and multi-industry intelligence exchange between ISACs and ISAOs, which facilitate cyber and physical intelligence sharing for specific sectors. GRF’s mission is to help assure the resilience of critical and vital infrastructure against threats that could significantly impact the orderly functioning of the global economy and general safety of the public. GRF members include Financial Services ISAC, Legal Services ISAO, and Energy Analytic Security Exchange, among others. GRF is also engaged with CERTs and other bodies around the world that seek to protect certain regions and industries. Formerly the Sector Services division of FS-ISAC, GRF was created as a standalone non-profit organization in May 2017. Learn more at www.GRFederation.org or by visiting @GRFederation on Twitter or Global Resilience Federation on LinkedIn.

Inquiries may be directed to Patrick McGlone at pmcglone@grfederation.org

The FAIR Institute is a non-profit organization made up of over 3,600 forward-thinking risk officers, cybersecurity leaders and business executives that operates with a central mission: Establish and promote information risk management best practices that empower risk professionals to collaborate with their business partners on achieving the right balance between protecting the organization and running the business. Factor Analysis of Information Risk (FAIR) is the discipline, the framework, and the driver behind our mission. Find out more at https://www.fairinstitute.org/ or by visiting @FAIRInstitute on Twitter or FAIR Institute on LinkedIn.

Chad McAuslin