Chapter 14

Implementing Risk Management

Abstract

This chapter focuses on helping the reader understand how to get started with applying Factor Analysis of Information Risk (FAIR) in their organization. To achieve this, it provides a high-level maturity model that describes levels of maturity between the implicit and explicit ends of the continuum. It also provides a hypothetical example of how one organization began its journey along that path. A process for performing root cause analyses is also provided, which can be a critical factor in attacking systemic problems within an organization. This chapter also discusses ways in which FAIR can help organizations squeeze more value from their governance, risk, and compliance (GRC) implementation and ...
