Interested in building a state-of-the-art information risk management course at your university? Join us for the FAIR University Curriculum Virtual Panel Webinar on Friday, February 23rd, at 1 PM EST.
The FAIR Institute is very excited to announce that we will be hosting the third annual FAIR Conference (FAIRCON18) at Carnegie Mellon University in Pittsburgh, Pennsylvania, on October 16-17, 2018.
One of my final initiatives prior to leaving public accounting and entering my new role in risk management was helping organizations prepare for the changes introduced by AICPA in the SSAE 18 audit standard, which went into effect in May 2017.
Simply put, when Industrial Control System (ICS) cyber risk is accurately modeled, measured, quantified and normalized with mechanical / industrial operational risk, it is then demystified.
In the first post of this series, I focused on answering a commonly expressed concern about the reliability of cyber risk measurement. At the end of that post, I mentioned that some readers might draw a distinction between an example I gave and the real world of cyber risk measurement.
For a quick introduction to cybersecurity law, take a listen to a new webcast from Evolver, a FAIR-powered consultancy that specializes in legal tech, cyber insurance and other info-risk concerns.
Time and time again I see analysts perform a FAIR risk analysis but get caught up in searching for the absolute perfect data or second guessing the results.
Risk managers are always seeking to address the risks that matter most to their organizations. But you can’t analyze and prioritize what you don’t identify.
We are happy to announce that the annual FAIR Institute Breakfast Meeting during the RSA Conference 2018 will be held in downtown San Francisco from 7:30 - 10 AM on April 18, 2018.
Earlier this month, The FAIR Institute partnered with The Open Group to submit comments and recommendations to the draft version 1.1 of NIST's Cybersecurity Framework (NIST CSF). The NIST CSF and its Framework Core were created in 2014 to provide guidance on how organizations can better “Identify, Protect, Detect, Respond, Recover” when assessing cyber threats.