Security Management

B3: Deploying Risk Quantification at Scale

Thursday, September 22, 2022 1:30 PM - 2:30 PM

Room 405


As early as 2017, KP's Technology Risk Management department began exploring a transition to quantified risk management using the FAIR method. This presentation follows that journey from inception, to scaling FAIR for full enterprise use, including as a decision support tool outside the traditional domain of cyber risk. The discussion will cover the history, tools, organization structure and capabilities of FAIR in use at Kaiser Permanente.