HOME OF FAIR

THE STANDARD QUANTITATIVE MODEL FOR INFORMATION SECURITY AND OPERATIONAL RISK

Join leading information risk, cybersecurity and business executives to collaborate on the development and the sharing of industry-leading best practices for quantifying and managing information risk.

upcoming-events-bg.png

2017 FAIR CONFERENCE

FAIRCON 17 is October 16 & 17 in Dallas, Texas!
FAIR_yellow_21.png
A STANDARD BY
partners_12
TECHNICAL ADVISOR
partners_09
SPONSORS
partners_09
EDUCATION PARTNERS
partners_03      partners_06      partners_17       FAIR_yellow_49

RECENT BLOGS

Bank CISOs Debate FAIR in Risk.net Article

You might say this article, “Bank Cyber Chiefs at Odds Over Risk Models” (registration required) by Steve Marlin, just out on Risk.net, takes a snapshot of the current stage of evolution of banking information security executives, progressing towards a bank cyber risk model that’s as rigorous as the industry's models for market and credit risk. 

Read More >>

The Problem with Ransomware Risk Data

Hats off to (FAIR Institute Board Member) Wade Baker and partner Jay Jacobs of Cyentia Institute for plowing through all the available public data sources on ransomware and writing two blog posts that are essential reading for anyone serious about estimating ransomware risk from a solid foundation. 

Read More >>

Ransomware Risk: Setting Up a FAIR Analysis

Jack Jones recently walked the FAIR Institute’s Data Integration Workgroup monthly call-in through a thinking exercise: Assume you’re the CISO of a mid-sized hospital – how do you understand the risk of ransomware?

Read More >>

SEE ALL BLOGS

POPULAR BLOGS

Post Image
5 Must Read Books to Jumpstart Your Career in Risk Management

What are the must have resources for people new to operational and cyber risk? This list outlines what books I would recommend to new analyst or manager.

They’re not ranked by which book is best....

Read More >>
Post Image
NIST CSF & FAIR - Part 1

The question often arises, “How is FAIR different from (or better than) a framework like NIST’s Cybersecurity Framework (CSF)?” The simple answer is: FAIR isn’t inherently better or worse; it is...

Read More >>
Post Image
What is a Cyber Value-at-Risk Model?

Over the past year, executive teams and board members across multiple industries have started to ask questions more forcefully about the risk posed by cybersecurity attacks. They are no longer...

Read More >>