HOME OF FAIR

THE STANDARD QUANTITATIVE MODEL FOR INFORMATION SECURITY AND OPERATIONAL RISK

Join leading information risk, cybersecurity and business executives to collaborate on the development and the sharing of industry-leading best practices for quantifying and managing information risk.

A STANDARD BY
partners_12
TECHNICAL ADVISOR
partners_09
SPONSORS
partners_09
EDUCATION PARTNERS

partners_03      partners_06      partners_17       FAIR_yellow_49                        

RECENT BLOGS

Video: CISOs and Board Members Talk Closing the Communication Gap

“It’s relatively rare that you get security leaders and board members together on a panel to talk about things,” says Wade Baker, who moderated “What CISOs Need to Tell the Board About Cyber and Technology Risk” panel discussion at FAIR Conference 2017

Read More >>

Announcing the 2017 Cyber Risk Management Maturity Benchmark Survey Report

The cyber and technology risk profession continues to evolve many of its practices. Because of this, new and unanswered questions reveal themselves, such as:

  • How mature is the profession today?
  • Where are we weakest/strongest?
  • Which improvements in maturity are likely to matter most?
  • How do we rate against others in our industry?

Read More >>

Loss Event Frequency Explained in 3 Minutes [Video]

With large companies under near constant attack from malware, phishing, and hacking attempts, getting an estimate on cybersecurity risk means reaching a clear understanding of how many of the massive number of threats actually turn into losses.

Read More >>

SEE ALL BLOGS

POPULAR BLOGS

Post Image
5 Must Read Books to Jumpstart Your Career in Risk Management

What are the must have resources for people new to operational and cyber risk? This list outlines what books I would recommend to new analyst or manager.

They’re not ranked by which book is best....

Read More >>
Post Image
What is a Cyber Value-at-Risk Model?

Over the past year, executive teams and board members across multiple industries have started to ask questions more forcefully about the risk posed by cybersecurity attacks. They are no longer...

Read More >>
Post Image
NIST CSF & FAIR - Part 1

The question often arises, “How is FAIR different from (or better than) a framework like NIST’s Cybersecurity Framework (CSF)?” The simple answer is: FAIR isn’t inherently better or worse; it is...

Read More >>

Practice Risk Quantification with FAIR-U

FAIR-U is our first officially sanctioned training application for running a FAIR risk analysis.

Learn more and try fair-u today!