What’s missing from the risk quantification tools and frameworks available now?

As a member of its advisory board, one of the areas that I'm pushing FAIR on is figuring out how to give guidance or direction to developers. How do I link what we're doing in this framework to risk in order to give developers something that's actionable? I'm seeing that disconnect and it's driving me crazy. If FAIR can successfully fix that, it will be the most comprehensive because not only will it give you detailed data, it will also help you do something with that data.

Anonymous Author
As a member of its advisory board, one of the areas that I'm pushing FAIR on is figuring out how to give guidance or direction to developers. How do I link what we're doing in this framework to risk in order to give developers something that's actionable? I'm seeing that disconnect and it's driving me crazy. If FAIR can successfully fix that, it will be the most comprehensive because not only will it give you detailed data, it will also help you do something with that data.
0 upvotes
Anonymous Author
The recent legislative changes around cybersecurity in the US are impacting the risk quantification industry. Now that the government says ransomware is cyber terrorism, you’ve lost your cyber insurance. Now what framework do I use if I can't get paid any for any claims on my cyber insurance because the government says it's cyber terrorism? You give your insurer the right not to pay your claim. They're not actually helping, you're just making the industry work.
0 upvotes