ISSA Sacramento Valley Chapter Meeting – 9/19/2025 – Risk Analysis: FAIR-U for Cyber

Speaker: Mark Heckman, University of San Diego

Topic: Practicing “What-If” Risk Analysis Using the FAIR-U for Cyber Tool

Synopsis: This talk will explore the FAIR (Factor Analysis of Information Risk) model by demonstrating “what-if” risk analysis using the FAIR-U for Cyber tool. The FAIR-U for Cyber tool is a free demonstration version of SAFE Security’s SAFE ONE platform for automating FAIR risk analysis.

We will walk through an example risk scenario to see how the tool attempts to apply core FAIR components like Threat Event Frequency (TEF) and Loss Event Frequency (LEF). You can perform a basic “what-if” analysis by adjusting the parameters of various security controls. This will allow you to see how changes in things like a firewall’s capability or the use of multi-factor authentication might affect a scenario’s overall risk.

The goal of this presentation is to give you a sense of how a quantitative model like FAIR can be used to inform discussions about where to apply security resources. We’ll also consider some of the tool’s nuances and limitations, including its distinction between calculated risk values and those intended for easier communication.

Speaker Bio: Mark Heckman, PhD, has worked in the field of information security for over 40 years as an engineer, researcher, practitioner and educator. His wide-ranging career has spanned many areas of information security, including research and development of very high-assurance, multi-level secure systems for use in government and the military, research and development of intrusion detection and security event management systems, and general IT security and compliance for commercial organizations in the financial and health industries.

Dr. Heckman earned his MS and PhD degrees in Computer Science at the University of California, Davis and is a Certified Information Systems Security Professional (CISSP). He is currently a professor of practice and teaches in the CyberSecurity Engineering and Technology program at the University of San Diego.

Meeting Details: This will be a hybrid meeting (both in-person and on-line). You may attend remotely via Zoom (see below) or attend in person at Capsity, 3808 Broadway, Sacramento CA.

Please register for the meeting below. 

You don’t have to be a member of ISSA to attend our meetings (but we encourage you to join us!). Please share information about this meeting with your friends and colleagues who have an interest in information security.

This is hybrid meeting on Zoom and in-person.

Zoom link:
https://us06web.zoom.us/j/84186623031?pwd=EtHkuqg0it61fhLsaZIpC8aCHldHG9.1

Meeting ID: 841 8662 3031
Passcode: 668146