FAIR Institute Blog

Join Us on Feb. 23: FAIR University Curriculum Virtual Panel Webinar

Announcing the 2018 FAIR Conference at Carnegie Mellon University

For Better Risk Assessments in SSAE 18 Audits, Try Quantification with FAIR

Case Study: Demystifying ICS Cyber Risk with FAIR

Is Cyber Risk Measurement Just Guessing? -- Part 2

Webinar: Cyber and the Law (It's Really About the Money)

Key to Success in Risk Analysis? Trust the (FAIR) Process

3 Risk Identification Questions You Should Be Asking

Save the Date: FAIR Institute Breakfast at RSA Conference 2018

Pressing for FAIR: Our Comments and Recommendations on NIST CSF 1.1

The 3 Most Confusing Risk Analysis Terms

3 Ways to Gather Loss Magnitude Data (from Your Cubicle)

How to Analyze Your Risk from GDPR: A FAIR Approach

To Bring Value in a Risk Analysis, Tell a Story and Provide a Solution

How Board Members Can Improve Cyber Risk Oversight in 2018

Ponemon Report on the True Cost of Compliance -- A Missed Opportunity

Jack Jones Looks Forward into 2018 for Cyber and Technology Risk

Year in Review: The FAIR Institute in 2017 [Infographic]

Jack Jones: Is There One Best Risk Metric? [Part 1]

Santa’s Naughty and Nice List for Risk Registers

Just Released: FAIR-U Training Demo Video

Video: How to Balance Risk Management with Regulatory Compliance

4 Tips to Prepare for the Open FAIR Certification Exam

Meet a FAIR Institute Member: Osama Salah, Founder of the Abu Dhabi Chapter

Announcing the FAIR Institute Abu Dhabi Chapter, First in the Gulf Region

4 Key Things FAIR Can Do for Your Organization

Coming Dec. 5: Risk Management Maturity Benchmark Webinar

Amazon S3 Bucket Data Breaches – a FAIR Risk Analysis

Three Reasons You Should Get FAIR Certified

Video: How to Convince and Convert Your Organization to FAIR

Video: CISOs and Board Members Talk Closing the Communication Gap

Announcing the 2017 Cyber Risk Management Maturity Benchmark Survey Report

Loss Event Frequency Explained in 3 Minutes [Video]

Memoir of My Love Of-FAIR

What Metrics Matter in Risk Management? [Video]

When Non-Compliance Is A-OK [Video]

Jack Jones Interview on the Future of Risk Management [Video]

Standards Groups and Regulators Recognize FAIR

A 6-Step Guide to Becoming FAIR Trained

Q&A: Teaching FAIR to “Security Warriors” at Arizona State University

FAIR Conference 2017: Highlights from the Sessions

Now Available: Practice FAIR with Our Free Training App

A Crash Course on Capturing Loss Magnitude with the FAIR Model

ADP's Roland Cloutier and Bank of America's David Sheronas Honored with 2017 FAIR Awards

Jack Jones’ Top 10 Blog Posts

AML & Sanctions Compliance: Top Operational “Risks” for 2017? – Part 3

Hot Job: Data Protection Officer for the EU’s GDPR

FBI’s Donald Freese Praises FAIR Approach at (ISC)² Security Congress

Case Study: NIST Digital Identity Guidelines and FAIR “Made for Each Other”

Coming Soon: Try FAIR Risk Quantification on Our Free Tool

'Vulnerability' in Risk Analysis, Explained in 2 Minutes [Video]

Q&A: Jack Jones Talks with the Global Association of Risk Professionals (GARP)

Last Chance for the Best Deal at FAIRCON17!

Announcing the FAIR University Program - Building the Next Generation of Risk Management Leaders

4 Tips for Running Risk Analysis Meetings

Is Cyber Risk Measurement Just "Guessing"?

10 Interesting People You’ll Meet at the 2017 FAIR Conference

Benchmark Your Risk Management Team - Take Our Survey

Inherent Risk vs. Residual Risk Explained in 90 Seconds

3 Ways to Get a Risk Analysis Project Off to a Bad Start

Meet a FAIR Institute Member: Wade Baker

A FAIR Budget for Disaster Preparedness

FAIRCON17 Awards: Nominate Your FAIR Champions

Control Assessments Are Not Risk Assessments

Risk Analysis vs. Risk Assessment: What's the Difference?

The Cybersecurity Social Contract: Q&A with Larry Clinton

Missing the Mark on Risk Analysis Without ALE

Where to Find Risk Scenarios to Analyze

Video: What Is Risk? The Bald Tire Scenario [Updated]

FAIR Is Banks 'Most Commonly Used Approach to Quantifying Cyber Threats', says Risk.net

Meet the On-site FAIR Training Instructors of FAIRCON17

Take the 2017 Risk Management Maturity Survey

A FAIR View of Risk Appetite - Part 4 (finally!)

Anatomy of a FAIR Risk Analysis: Confidential Data in Email

5 Things You'll Learn at FAIRCON17

Secrets to Gathering Good Data for a Risk Analysis

Bank CISOs Debate FAIR in Risk.net Article

The Problem with Ransomware Risk Data

Ransomware Risk: Setting Up a FAIR Analysis

Announcing the FAIRCON17 Agenda

New Studies on FAIR for Threat Intelligence, Patient Information from The Open Group

Measuring Reputation Damage in Cyber Risk Analysis - Part 1

Toward a FAIR Notion of Criticality

How Are Risk Treatment Decisions Delegated?

Think You Know Basic Risk Concepts? Take a FAIR Challenge

Announcing the FAIR Institute Chapter in Paris

Meet a FAIR Institute Member: Evan Wheeler

Implementing NIST CSF? Read This First

5 Essentials for a Good Rationale in Risk Analysis

3 More Must-Read Books to Jumpstart Your Career in Risk Management

What Makes a Good Risk Analyst?

4 Most Forgotten Forms of Loss in a Risk Analysis

Metrics? What Metrics? Finding the Missing Link to the NIST Cybersecurity Framework

Cyber Economics: Smarter (vs. More Expensive) Cybersecurity

How to Show Due Diligence to Regulators in a Personal Health Information (PHI) Data Breach

Call for Speakers at FAIRCON17

FAIRCON17 Ticket Registration Now Open

Smart Risk Assessment Starts Here: The Privacy Office

How to Delegate Risk

FAIR On-A-Page: Same Great Model, Fresh New Look

Measuring Cyber Risk Requires Two Models, Not One

Meet a FAIR Institute Member: Bill Barouski

Risks from Regulations: Top Operational 'Risks' for 2017? – Part 2

How to Deal with "Data Challenged" Risk Analyses

'Risk Appetite' vs. 'Risk Tolerance'. What’s the Difference?

Save the Date: 2017 FAIR Conference in Dallas, TX!

5 Habits for Highly Effective Risk Analysis

Using Historical Data

Meet a FAIR Institute Member: Tony Martin-Vegue

Survey Shows How CISOs Fail to Communicate to Boards – And How to Fix It [Infographic]

No Data? No Problem

Internet Security Alliance (ISA), FAIR Institute File Joint Comments on the Proposed 1.1 Update to the NIST Cybersecurity Framework

Pro Tip for FAIR Risk Scenario Analysis: Map It

Join a FAIR Analysis in Action at the Operational Risk Workgroup Meeting April 11

Jack Jones Risk Summit Message: Focus or Fail

What Belongs in a Risk Register?

How FAIR Can Ensure The Success of COSO Risk Management Programs

How to Spot Data Breaches in Audit Trails?

An Immature Maturity Model?

Top Operational “Risks” for 2017?  –  Part 1

Breaking Risk Paradigms with FAIR

How to Think About Likelihood, Probability and Frequency

[VIDEO] New to FAIR? Start with this High-Level Introduction by Jack Jones

RSAC 2017 – The Year of Risk

Interval Estimation – Play a Game You Can Win

[Video] "The Characteristics of a Risk-Aligned Leader" by FAIR Author Jack Jones

The FAIR Institute Reaches 1000 Members On Its First Anniversary

Triaging Risk: A Year In The Life Of OpenFAIR - Part 2

[VIDEO] How Risk Quantification Changed A Government Agency's Approach to Decision-Making

Teaching FAIR to College Students

Triaging Risk: A Year In The Life Of OpenFAIR

Connect With Jack Jones At RSA Conference 2017

Take Another Look at Inherent Risk

Jack Jones Teaches FAIR In (ISC)² Webinar

Meet Jack Jones while at the RSA Conference on February 15th

Improving How Cyber Risk Is Reported to the Board

A FAIR Risk Analyst's Take on the NIST CSF 1.1 Draft Update

Cyber Risk Workgroup Discusses "Clarifying Risks"

What Is Vulnerability?

What is Open FAIR™ and Who is The Open Group?

Examining a Defense of NIST 800-30

Calling for FAIR Institute Blog Contributors

[White Paper] A Clarification of "Risks"?

Mark Your Calendar: FAIR Institute Breakfast in San Fran on Feb 15, 2017

Mark Your Calendars For 2017 Cyber Risk Workgroup Calls

Fixing NIST 800-30

FAIR Institute Blog Year-End Roundup

How Do NIST 800-160, Risk Quantification and FAIR Align?

FAIR Insurance Workgroup Announces Group Projects Around FAIR For Insurance Industry

A Different Definition of Risk Management?

Intelligent Adversaries

What About "Positive Risk"? - Part 2

Video Now Available: What's Up In The Boardroom & Conference Highlights

What About "Positive Risk"? - Part 1

Video Now Available: How to Build a Quantitative Risk Management Program

Video Now Available: Measuring DDoS Risk Using FAIR

FAIR Expert To Address ISACA Toronto Chapter On Taking Risk Measurement Seriously

Video Now Available: How To Effectively Communicate About Information Risk To The Board And The Business

Video Now Available: The Future of Information and Operational Risk Analysis

You Can Lead A Horse To Water...

Video Now Available: Presenting The Top 10 Risks To The Board

Takeaways from the Inaugural FAIR Conference 2016

Federal Reserve, OCC, FDIC Proposed Cyber Risk Management Standards Enhancements

[White Paper] Effectively Leveraging Data in FAIR Analyses

Press Release: Chris Cooper (RGA), Joel Baese (Walmart), Named FAIR Awards Winners At Inaugural FAIR Conference Today In Charlotte

Follow Us On Twitter During The FAIR Conference

Leveraging FAIR For Making Effective Cyber Insurance Decisions

Who Should Be Fired?

Press Release: Jack Jones, Jeffrey Kutler to Keynote Inaugural FAIR Conference Oct. 14 at Wake Forest University Charlotte Center

Join The New Cyber Risk Workgroup at the FAIR Institute

There's No Such Thing As Reputation Risk

Press Release: FAIR Institute Announces Inaugural FAIR Conference (FAIRCon), Friday Oct. 14, Uniting Leaders in Information and Operational Risk Management

Enterprise Risk Standards – Where does FAIR fit in?

Using FAIR to Analyze Project-Related Risk - Part 1

New FAIR FAQ Available

Nominate Your FAIR Champions

Jack Jones to Present Case Study on 'Quantifying Cloud Risk' at (ISC)² Security Summit

Dealing With Unknowns In Risk Analysis - Part 2

How to Make a Business Case for Security Training

Dealing With Unknowns In Risk Analysis

Time To Register For FAIR Conference 2016

Press Release: Two Cybersecurity Standards Come Together to Help Organizations Quantify and Prioritize Risk

Students Are Thinking Critically And Gaining New Skills Using Open FAIR

Video: Joining The FAIR Institute As A Student

NIST CSF & FAIR - Part 5

FAIR Institute Profiled By Global Association Of Risk Professionals

Beginning Your Operation Risk Journey with FAIR

Why The Business Should Own Cyber Risk?

Video: Can FAIR Inform Decision Making Around Public Policy?

A FAIR View of Risk Appetite - Part 3

Video: Why Organizations Are Failing At Prioritizing Information Security

5 Must Read Books to Jumpstart Your Career in Risk Management

Life's Uncertainties And The Risk Analysts

A FAIR View of Risk Appetite - Part 2

Video: Introducing the FAIR Academics Workgroup

How Difficult is FAIR to Use?

The Dangers of Being a Cubicle Risk Analyst

FAIR Institute Operational Risk Workgroup: Using FAIR to Understand Operational Risks

Save The Date For The 2016 FAIR Conference

Using FAIR to Manage Operational Risk

A FAIR View of Risk Appetite - Part 1

How to Assess Quality in Cyber Risk Forecasting - Part 3

FAIR Institute Insurance Workgroup: Quantifying Cyber Exposure

FAIR Author, Jack Jones, To Keynote ISSA's Cornerstones of Trust Conference

How to Assess Quality in Cyber Risk Forecasting - Part 2

How to Assess Quality in Cyber Risk Forecasting - Part 1

Video: A FAIR Case Study From Bank of Montreal

Using the FAIR Model to Measure Inherent Risk

How to Prepare for the Open FAIR Certification Exam

NIST CSF & FAIR - Part 4

NIST CSF & FAIR - Part 3

Video: How Was FAIR Started?

How Expected Loss Can Be a Misleading Estimate of Risk

Survey Suggests Confusion Reigns About What Risk Is

What Exactly Is a Risk Decision?

FAIR Book Inducted into the 2016 Cybersecurity Canon

NIST CSF & FAIR - Part 2

How to Bridge the Gap Between Qualitative and Quantitative Risk Analysis

How Threat Intelligence Can Help Third Party Risk Assessments

What Is the Right Level of Precision for Aggregate Risk Analysis?

Order of Magnitude Risk Estimations

How Threat Intelligence Can Drive Risk Analysis

Threat Capability and Resistance Strength: A Weight on a Rope

NIST CSF & FAIR - Part 1

How Threat Intelligence Fits Within Risk Management

Overcoming Obstacles to Risk Quantification - Part 3

FAIR Lessons in Public Safety

Introduction to Threat Intelligence and Risk Management

How Infosec Maturity Models Are Missing The Point

Overcoming Obstacles to Risk Quantification - Part 2

The Inevitable Marriage Between Threat Intelligence and Risk Assessment

Actions Speak Louder Than Words: What is Tactical Risk Analysis?

Overcoming Obstacles to Risk Quantification - Part 1

[PODCAST] How to Apply Socratic Thinking to Build Defensible IT Security Investments

Best Approach to Prioritizing Risks - Part 5

The Pitfalls of Mixing and Matching Risk Models

Unknown Unknowns

Best Approach to Prioritizing Risks - Part 4

Learn from Jack Jones at the RSA Conference

Best Approach to Prioritizing Risks - Part 3

What Is a Cyber Value-at-Risk Model?

Free Open FAIR Seminar - Learn about Quantitative Risk Analysis

Best Approach to Prioritizing Risks - Part 2

How Was FAIR Started?

Who is the Author of FAIR?

Best Approach to Prioritizing Risks - Part 1

3 Key Steps to Scoping a Risk Analysis

How to Communicate Cyber Risk to the Board

How to Measure Aggregate Risk

The Open Group Conference – How to Quantify Information Risk Through the Open FAIR Standard

Comparing Security Budgets

Appropriate funding

The Role of Critical Thinking

Risk Models Matter


Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts