FAIR Institute Blog

Jack Jones

Jack Jones

Recent Posts

A FAIR View of Risk Appetite - Part 3

[fa icon="calendar'] Jul 5, 2016 4:30:00 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

In the first two posts of this series I talked about how most organizations seem to characterize themselves as having a “Medium-Low” risk appetite,

Read More [fa icon="long-arrow-right"]

A FAIR View of Risk Appetite - Part 2

[fa icon="calendar'] Jun 22, 2016 7:30:00 AM / by Jack Jones posted in FAIR

[fa icon="comment"] 0 Comments

In Part 1 of this series I shared that most organizations seem to, almost by default, characterize themselves as having a “Medium-Low” risk appetite.

Read More [fa icon="long-arrow-right"]

How Difficult is FAIR to Use?

[fa icon="calendar'] Jun 14, 2016 4:30:00 PM / by Jack Jones posted in FAIR

[fa icon="comment"] 0 Comments

People regularly ask questions regarding FAIR’s difficulty and the difficulty of quantitative risk analysis in general.

Read More [fa icon="long-arrow-right"]

A FAIR View of Risk Appetite - Part 1

[fa icon="calendar'] May 31, 2016 4:00:00 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 2 Comments

As with so many other terms in the risk management profession, there seems to be a fair amount of squishiness and inconsistency in how risk appetite (and its close cousin, risk tolerance) are defined and used.

Read More [fa icon="long-arrow-right"]

Using the FAIR Model to Measure Inherent Risk

[fa icon="calendar'] May 6, 2016 12:13:46 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

 

I’m often asked, “How does FAIR account for, or deal with, inherent risk?” This particular question doubles as one of my most favorite and least favorite, for different reasons. 

Read More [fa icon="long-arrow-right"]

NIST CSF & FAIR - Part 4

[fa icon="calendar'] Apr 29, 2016 3:02:03 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Adding the “So What?”

It’s easy to understand that higher levels of maturity in various controls or risk management functions should equate to less risk. The challenge comes in measuring how much risk will be reduced by certain improvements.

Read More [fa icon="long-arrow-right"]

NIST CSF & FAIR - Part 3

[fa icon="calendar'] Apr 21, 2016 4:46:40 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

A round peg in a round hole

As I mentioned in Part 2 of this series, frameworks like NIST CSF (and PCI DSS, ISO 27xxx, FFIEC CAT, etc.) have inherent limitations regarding their ability to help organizations measure risk, prioritize their concerns, or communicate the true value proposition of cyber security improvements.The good news is that these missing capabilities are where FAIR shines. That said, there are challenges…

Read More [fa icon="long-arrow-right"]

Video: How Was FAIR Started?

[fa icon="calendar'] Apr 19, 2016 4:45:53 PM / by Jack Jones posted in FAIR

[fa icon="comment"] 0 Comments

Ever wonder how the FAIR standard risk model was started?

In this video, the author of FAIR,  Jack Jones, explains his personal journey through cyber security and how that led him to create the FAIR ontology

Read More [fa icon="long-arrow-right"]

Survey Suggests Confusion Reigns About What Risk Is

[fa icon="calendar'] Apr 13, 2016 11:30:00 AM / by Jack Jones posted in Risk Management, Events

[fa icon="comment"] 0 Comments

Last week, I had the privilege of leading a full-day risk summit on information security (cyber) risk in Orlando at the 2016 Infosec World conference.

Over 50 professionals attended the summit, representing a wide variety of industries and roles.

Read More [fa icon="long-arrow-right"]

NIST CSF & FAIR - Part 2

[fa icon="calendar'] Apr 4, 2016 11:13:39 AM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 2 Comments

A Review of NIST CSF

Giving credit where credit is due

The people who designed and contributed to the NIST Cybersecurity Framework (CSF) clearly put a lot of thought into it, and this is demonstrated through some important positive aspects:

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts