Explore a groundbreaking approach to cybersecurity control frameworks in this 40-minute conference talk from the RSA Conference. Delve into the concept of FAIR Controls, a novel framework designed to empirically measure the value of cybersecurity controls. Learn how to address the challenge of identifying effective cybersecurity spending through a comprehensive examination of control physiology, functional domain relationships, and various control types. Gain insights into Loss Event Controls (LEC), Variance Management Controls (VMC), and Decision Support Controls (DSC), and understand their practical applications in cybersecurity contexts. Discover how to evaluate control value using innovative diagrams and methodologies. Apply the knowledge gained to enhance your organization's cybersecurity strategy and optimize resource allocation.
FAIR Controls - A New Kind of Controls Framework
Overview
Syllabus
Intro
Ask yourself these questions....
Why it matters...
In the practice of medicine, which is more important?
Human Anatomy vs. Physiology • Anatomical component: Spleen
Cybersecurity Anatomy vs. Physiology
FAIR-CAM Objectives
Setting expectations...
Clarifying terms
Current controls "physiology"
FAIR-CAM's Functional Domain Relationships
Loss Event Controls (LEC) Ontology
Loss Event Controls applied in context
Variance Management Controls (VMC)
Decision Support Controls (DSC)
What's the value of this control?
Control value diagram
Summary
Apply What You Have Learned Today
Taught by
RSA Conference
