We are proud to announce an exclusive partnership with the FAIR Institute. Factor Analysis of Information Risk (FAIR) has emerged as the standard Value at Risk (VaR) framework for cybersecurity and operational risk. The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.  

 


Third-party security risk management today comprises mostly questionnaires and monitoring tools that produce laundry lists of findings with little contextual information to determine priority: what is important and what is not. Since security teams at large organizations may actively manage thousands of suppliers, there is a substantial need to introduce objective methods for prioritizing findings based on risk. Companies are looking at new approaches such as our SaaS solution, which is inspired by FAIR principles, to build scalable risk-based third-party management programs rather than simply managing risk based on compliance standards.

"Third party risk management is one of the highest-profile areas of focus in our industry today," comments Jack Jones, FAIR Institute Chairman. "Unfortunately, it also tends to be one of the least effectively managed, with tremendous amounts of largely wasted effort. What we need are solutions that efficiently address the risk dimension of the problem. For that reason, it's exciting to see a company like RiskRecon recognize how FAIR's principles and methods can help them fill the gap."

Our advanced techniques allow organizations to apply FAIR methods to third-party cyber risk management to achieve precise and efficient elimination of the most critical third-party security risks. The objective, supporting evidence provides the information necessary for organizations to rapidly pinpoint and remediate security weaknesses within a particular vendor and across their third-party portfolio. The result is a straightforward action plan that enables the organization and its third parties to constructively reduce risk by focusing on the areas that most impact risk and, equally importantly, ignoring the many issues that are not important.

“As a former CISO myself, I’ve admired Jack Jones’ efforts with the FAIR Institute for many years and incorporated those principles into my management processes,” says RiskRecon CEO Kelly White. “At RiskRecon we believe enabling true risk-prioritization is the only way to build scalable, results-driven third-party security risk management programs. We’ve already incorporated core FAIR principles of issue severity and asset value within our solution and felt it was important to help support the continued growth of FAIR and its various thought leadership efforts.”

Visit www.riskrecon.com to learn more about how we help security and business professionals manage third-party cyber risk. You can also download our vendor-neutral Third-Party Security Risk Management Playbook at www.thirdpartyplaybook.com.