Sunday, May 3, 2015

A FAIR Telescope for Cyber Risk



“Imagine what it must have been like to look through the first telescopes or the first microscopes, or to see the bottom of the sea as clearly as if the water were made of gin.”

So the estimable science writer Matt Ridley begins today’s column (Wall Street Journal, May 2, 2015, p. C1) on how DNA sequencing, now so cheap and fast, has begun to illuminate the early history of humankind, with its many migrations, near-extinctions, and assimilations.  
The history of science is in no small measure the result of progress in the technologies of observation. The virtuous cycle of improved engineering and fabrication to improved observation to scientific advance, and back to improved engineering and fabrication, has profoundly affected all three, as well as our civilization and well-being.

Or, to follow Ridley, imagine the reaction of Louis Pasteur on seeing germs through a microscope.  So too does Fagan-style inspection of software enable its users to see the many “germs” that are defects in code.  (I have used it on all manner of business documents.  The results are inevitably sobering.)

It is almost trite now to say “you cannot manage what you cannot measure.”  But equally you cannot measure what you cannot see.

Analysis and management of operational risk, in particular cyber risk, now have such a microscope: Factor Analysis of Information Risk, or FAIR. Thanks to the FAIR taxonomy, we now have a vocabulary and a means of identifying and making useful distinctions among the main words we use to describe operational risk. This allows us to make repeatable and useful measurements of risk and its components, such as threat event frequency and loss magnitudes.


Now that we have precisely defined what we are talking about, we can manage risk better than ever before.

Photo credit "ALMA and a Starry Night" by ESO/B. Tafreshi (twanight.org) - http://www.eso.org/public/images/potw1238a/. Licensed under CC BY 4.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:ALMA_and_a_Starry_Night.jpg#/media/File:ALMA_and_a_Starry_Night.jpg
