FAIR Institute Blog

Jack Jones

Jack Jones

Recent Posts

An Immature Maturity Model?

[fa icon="calendar'] Mar 23, 2017 3:10:42 PM / by Jack Jones posted in FAIR, Events

[fa icon="comment"] 3 Comments

This month’s FAIR Institute Data Utilization and Cyber Risk workgroup calls had excellent attendance and some great dialog.  I’m always pleased/impressed with the quality of thinking people bring to the these calls.  

Read More [fa icon="long-arrow-right"]

Connect With Jack Jones At RSA Conference 2017

[fa icon="calendar'] Feb 14, 2017 8:20:00 AM / by Jack Jones posted in FAIR, Events

[fa icon="comment"] 0 Comments

Well, the annual pilgrimage to San Francisco and the RSA conference is underway.

Read More [fa icon="long-arrow-right"]

Cyber Risk Workgroup Discusses "Clarifying Risks"

[fa icon="calendar'] Jan 25, 2017 4:45:00 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Last week we held the second Cyber Risk Workgroup call, with excellent attendance and active engagement. During the call, we discussed the white paper I wrote regarding “Clarifying Risks”.

Read More [fa icon="long-arrow-right"]

Examining a Defense of NIST 800-30

[fa icon="calendar'] Jan 17, 2017 12:15:00 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 2 Comments

A couple of weeks ago I wrote a blog post pointing out some problems with NIST 800-30 (Fixing NIST 800-30). 

Read More [fa icon="long-arrow-right"]

[White Paper] A Clarification of "Risks"?

[fa icon="calendar'] Jan 12, 2017 8:00:00 AM / by Jack Jones posted in FAIR, Risk Management, White Paper

[fa icon="comment"] 4 Comments

One of the most significant barriers to effectively measuring and communicating about risk is the imprecise use of fundamental nomenclature.

Read More [fa icon="long-arrow-right"]

Fixing NIST 800-30

[fa icon="calendar'] Jan 3, 2017 8:30:00 AM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 11 Comments

I’ve encountered a number of organizations that use guidance provided by special publication NIST’s 800-30 to measure the risk associated with one thing or another.

Read More [fa icon="long-arrow-right"]

A Different Definition of Risk Management?

[fa icon="calendar'] Dec 14, 2016 8:00:00 AM / by Jack Jones posted in FAIR, Risk Management, Events

[fa icon="comment"] 2 Comments

This past week I had the privilege of taking part in the Risk Management Summit 2016 that was part of the MIS | TI conference in New Orleans.

Read More [fa icon="long-arrow-right"]

Intelligent Adversaries

[fa icon="calendar'] Dec 13, 2016 8:00:00 AM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 4 Comments

Recently, I heard someone express an opinion that “Quantitative analysis isn’t viable because we face intelligent adversaries.”

Read More [fa icon="long-arrow-right"]

What About "Positive Risk"? - Part 2

[fa icon="calendar'] Dec 7, 2016 8:00:00 AM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 8 Comments

In the first post in this series, I said there were two belief systems that drive the notion of “positive risk” within our profession.

Read More [fa icon="long-arrow-right"]

What About "Positive Risk"? - Part 1

[fa icon="calendar'] Nov 30, 2016 12:15:00 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 6 Comments

In probably half of the presentations I give about FAIR, someone in the audience will raise their hand and ask, “What about positive risk?

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts