Jack Jones recently walked the FAIR Institute’s Data Integration Workgroup monthly call-in through a thinking exercise: Assume you’re the CISO of a mid-sized hospital – how do you understand the risk of ransomware?
Inherent risk, likelihood, vulnerability: concepts in everyday use in risk analysis that you think you have down pat. Read these three blog posts and, if you're new to FAIR, we guarantee your assumptions will topple. If you’re already a FAIR practitioner, you'll learn how to plug these foundational concepts into the FAIR model to solve whatever scenarios come your way.
FAIR Institute Board Member Evan Wheeler is a veteran financial industry risk executive, author, and frequent conference speaker and panelist, particularly on the topic of risk quantification. He’s also one of the most patient and lucid explainers of the FAIR model we’ve ever heard – take a listen to the video of his presentation at the RSA Conference in February 2017, or read his posts for the FAIR Institute blog.
The National Institute of Standards Cybersecurity Framework (NIST CSF for short) is a set of best practices recommended for businesses to protect critical IT infrastructure. Published in 2014, it’s been adopted by about one-third of large companies at least in part, as indicated by a survey of CISOs last year by Tenable Network Security.
An interesting question, sparked by an interesting legal case, was posed on the FAIR Institute LinkedIn group discussion page recently, and answered by Institute Chairman Jack Jones. The State of New Jersey is trying to take away the license of a prominent psychologist for failing to protect patient privacy, claiming a long-running data breach of patient PHI.
FAIR Institute Board Member Bill Barouski served as Executive VP and CISO for the Federal Reserve System until mid-2015, overseeing information security for the US central bank, including incident response, as well as information security architecture, standards, policies and programs.
Tony Martin-Vegue leads the San Francisco Bay Area chapter of the FAIR Institute, 30 members strong. Tony spoke at the first FAIR Conference in 2016, presenting a case study on measuring DDoS risk using FAIR. In his day job, he’s Manager, Information Security Risk at Lending Club, the online credit marketplace that matches investors with borrowers, bypassing traditional bank lending and passing on the savings to borrowers in lower rates. Lending Club has funded some $25 billion in loans.
FAIR Institute Member Wade Baker surveyed over a hundred CISOs and corporate board directors to find out just why these two groups have so much trouble communicating. The results are in the just released Cyber Balance Sheet from Wade’s Cyentia Institute and risk management firm Focal Point (FAIR Institute Chairman Jack Jones was a contributor).
“Think of all the advantages the bad guys have,” FAIR Institute Chairman Jack Jones tells an audience this week at the InfoSecWorld 2017 Risk Management Summit in Orlando.
“We have to protect a very complex and dynamic landscape. The bad guys can pick and choose what they want to go after. And we are giving them a gift.
In this short 5-minute video, FAIR author Jack Jones gives an overview of the FAIR model for risk measurement and management, the training opportunities for FAIR, and the professional organization, the FAIR Institute.