FAIR Institute Blog

Jack Jones

Jack Jones

Recent Posts

Best Approach to Prioritizing Risks - Part 1

[fa icon="calendar'] Jan 14, 2016 6:09:04 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

The Challenge

Focus.  It’s a critical quality every organization needs when it comes to managing information security and operational risk, but it’s something that very few do well. 

Read More [fa icon="long-arrow-right"]

How to Measure Aggregate Risk

[fa icon="calendar'] Jan 7, 2016 5:21:09 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

One of the questions I commonly encounter is "How do you take something like FAIR and apply it to a big problem, like measuring the aggregate risk within an entire organization?"

Measuring the surface area of Long Island

Imagine that you’ve been given the task of determining the surface area of Long Island. How are you going to go about it?

Read More [fa icon="long-arrow-right"]

Comparing Security Budgets

[fa icon="calendar'] Dec 22, 2015 7:30:00 AM / by Jack Jones posted in Risk Management

[fa icon="comment"] 0 Comments

 

In my past life as a CISO, I was often asked what percentage of my employer’s IT budget went toward security. I always answered, "Why should I care?" Without fail, this apparently nonchalant answer evoked a response: "Well if you don't know that, how can you determine whether your organization is spending enough on security?" 

Read More [fa icon="long-arrow-right"]

Appropriate funding

[fa icon="calendar'] Nov 2, 2015 10:23:00 PM / by Jack Jones posted in Risk Management

[fa icon="comment"] 0 Comments

Because many organizations are beginning to wrestle the funding beast at this time of year, I thought I'd focus this post on the question of "appropriate funding."

 Management Doesn't Get It

One of the arguments I’ve heard folks use to dismiss the notion of a risk-based approach to security is that it’s been tried and failed.

Read More [fa icon="long-arrow-right"]

The Role of Critical Thinking

[fa icon="calendar'] Oct 15, 2015 10:12:00 PM / by Jack Jones posted in Risk Management

[fa icon="comment"] 0 Comments

Another perspective on risk management that I’ve found useful is to recognize that risk issues are “open- ended” in nature rather than “well-structured”. Well-structured problems can be reasoned to a single correct answer – e.g., 3+3=6, or “Will I overdraw my bank account if I write this check?” Open- ended problems, on the other hand, are those that can’t be reasoned to a single, undisputed correct answer.

Read More [fa icon="long-arrow-right"]

Risk Models Matter

[fa icon="calendar'] Sep 30, 2015 9:53:00 PM / by Jack Jones posted in Risk Management

[fa icon="comment"] 0 Comments

Let’s say you’re approaching an intersection and the traffic signal turns yellow. What do you do - slow down and stop, or hit the accelerator? The answer for most people, ultimately, is; “It depends." How fast am I going? How far am I from the intersection? Is there someone close behind me? Is there a police cruiser at the intersection? What is the road condition? Am I in a hurry to get somewhere? These are just a few of the considerations that may flash through our minds in an instant - at least some of them subconsciously. We then make a decision and act on that decision.

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts