Larry Clinton has been advocating for cybersecurity in Washington since the days when “I had to start the conversation by spelling ‘cyber’”. President of the Internet Security Alliance since 2003, Clinton has doggedly pushed Congress and successive Administrations to take a holistic approach to information security issues or, as he calls it, the Cybersecurity Social Contract, laid out in a book of the same title, from the ISA.
by Jeff B. Copeland
You might say this article, “Bank Cyber Chiefs at Odds Over Risk Models” (registration required) by Steve Marlin, just out on Risk.net, takes a snapshot of where banking information security executives currently stand in their evolution toward a bank cyber risk model as rigorous as the industry's models for market and credit risk.
Hats off to (FAIR Institute Board Member) Wade Baker and partner Jay Jacobs of Cyentia Institute for plowing through all the available public data sources on ransomware and writing two blog posts that are essential reading for anyone serious about estimating ransomware risk from a solid foundation.
Jack Jones recently walked the FAIR Institute’s Data Integration Workgroup monthly call-in through a thinking exercise: Assume you’re the CISO of a mid-sized hospital – how do you understand the risk of ransomware?
Inherent risk, likelihood, vulnerability: concepts in everyday use in risk analysis that you think you have down pat. Read these three blog posts and, if you're new to FAIR, we guarantee they will topple your assumptions. If you’re already a FAIR practitioner, you'll learn how to plug these foundational concepts into the FAIR model to solve whatever scenarios come your way.
FAIR Institute Board Member Evan Wheeler is a veteran financial industry risk executive, author, and frequent conference speaker and panelist, particularly on the topic of risk quantification. He’s also one of the most patient and lucid explainers of the FAIR model we’ve ever heard – take a listen to the video of his presentation at the RSA Conference in February, 2017, or read his posts for the FAIR Institute blog.
The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF for short) is a set of best practices recommended for businesses to protect critical IT infrastructure. Published in 2014, it has been adopted, at least in part, by about one-third of large companies, according to a survey of CISOs last year by Tenable Network Security.
An interesting question sparked by an interesting legal case was posed on the FAIR Institute LinkedIn group discussion page recently, and answered by Institute Chairman Jack Jones. The State of New Jersey is trying to revoke the license of a prominent psychologist for failing to protect patient privacy, citing a long-running data breach of patient PHI.
FAIR Institute Board Member Bill Barouski served as Executive VP and CISO for the Federal Reserve System until mid-2015, overseeing information security for the US central bank, including incident response, as well as information security architecture, standards, policies and programs.