To assist small and midsized businesses make risk-based decisions based on
cybersecurity cost exposure, information security consulting firm vCISO
Services, LLC announced today the immediate availability of their licensed
quantitative information risk assessment offering based on The Open Group Open
FAIR Body of Knowledge.
"We beta-tested Open FAIR, and immediately realized the business value
for our clients," vCISO Services, LLC principal Greg Schaffer said. "Our
Open FAIR certified resources leverage Open FAIR's Risk Analysis Tool to help
companies prioritize cybersecurity resources based on real cost exposure and
not a color scheme representation of opinion."
The Factor Analysis of Information Risk, or FAIR, uses known cost and
historical data to provide executive management and board of directors with
meaningful cost exposure ranges. "As a CISO, I created FAIR so that I
could help my executive stakeholders make better decisions. The improvements in
our ability to prioritize and communicate were beyond anything I had
anticipated," said Jack Jones, the developer of FAIR.
"We are pleased to have vCISO join the ranks of commercial licensees of
Open FAIR, and to also join the Security Forum to contribute to the ongoing
development of our standards and best practices," said Jim Hietala, VP,
Business Development and Security at The Open Group. The Open Group maintains a
list of commercial Open FAIR licenses at https://www.opengroup.org/certifications/openfair/commercial-licensees.
Traditionally, information risk assessments have been qualitative in nature,
relying solely on the opinions of experts whether a risk is high, medium, or
low, often displayed as red, yellow, and green "heat maps." Such
subjective assessments cannot provide accurate insight into information risk
exposure. vCISO Services, LLC offers FAIR-based quantitative information
risk assessments both as standalone projects and as part of their Gold and
Diamond Virtual CISO packages.