FAIR Institute Blog

Now Available: Practice FAIR with Our Free Training App

[fa icon="calendar'] Oct 23, 2017 10:08:57 AM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

Big news if you’re a student of FAIR, an organization evaluating FAIR before taking the plunge on a paid risk analysis solution, a do-it-yourselfer who’s been running FAIR on a spreadsheet, or just curious about the buzz around the quantitative model that’s shaking up the risk-analysis profession. The FAIR Institute has just released FAIR-U, the first officially sanctioned training app for FAIR. The tool is offered free of charge by RiskLens, Technical Advisor to the FAIR Institute.

Read More [fa icon="long-arrow-right"]

A Crash Course on Capturing Loss Magnitude with the FAIR Model

[fa icon="calendar'] Oct 20, 2017 2:32:01 PM / by Teresa Suarez posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

In the FAIR model for risk analysis, Loss Magnitude—i.e. the monetary impact of a loss event—is bucketed in six Forms of Loss: Productivity, Response, Replacement, Competitive Advantage, Fines & Judgements, and Reputation.

Read More [fa icon="long-arrow-right"]

Jack Jones’ Top 10 Blog Posts

[fa icon="calendar'] Oct 13, 2017 8:30:00 AM / by Jeff B. Copeland posted in FAIR, Jack Jones

[fa icon="comment"] 0 Comments

Jack Jones…creator of the FAIR model (that’s Factor Analysis of Information Risk)…author of  the FAIR book Measuring and Managing Information Risk: A FAIR Approach…chairman of the FAIR Institute…and the leading evangelist for effective risk measurement based on critical thinking.  For a quick education on Jack’s thinking and the FAIR approach to risk, check out this reading list of Jack’s 10 most popular writings on the FAIR Institute blog.

Read More [fa icon="long-arrow-right"]

AML & Sanctions Compliance: Top Operational “Risks” for 2017? – Part 3

[fa icon="calendar'] Oct 12, 2017 10:52:53 AM / by Evan Wheeler posted in FAIR

[fa icon="comment"] 0 Comments

After a short summer break, the FAIR Institute Operational Risk workgroup met again in August to continue our project using the FAIR methodology to revise a typical list of “top operational risks” (we found our list on Risk.net). 

Read More [fa icon="long-arrow-right"]

Hot Job: Data Protection Officer for the EU’s GDPR

[fa icon="calendar'] Oct 9, 2017 8:25:39 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Look for thousands of job listings next year for “data protection officer” to meet a requirement of the European Union’s General Data Protection Regulation, the privacy law that goes into effect May 18, 2018. Here’s a quick rundown to see if you need to start shopping for a DPO, as well.

Read More [fa icon="long-arrow-right"]

Amazon S3 Bucket Data Breaches – a FAIR Risk Analysis

[fa icon="calendar'] Oct 6, 2017 8:00:00 AM / by Rebecca Merritt posted in FAIR, Risk Management, Case Studies

[fa icon="comment"] 1 Comment

Sensitive documents from the US National Geospatial-Intelligence Agency…data on 14 million Verizon customers…voter information on 198 million Americans…Just a few of the reports this year on data breaches—or open data discovered by security researchers before a breach occurred—on Amazon S3 “buckets”.

Read More [fa icon="long-arrow-right"]

FBI’s Donald Freese Praises FAIR Approach at (ISC)² Security Congress

[fa icon="calendar'] Oct 3, 2017 12:35:20 PM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

Donald Freese, Deputy Assistant Director of the FBI in the information technology branch, gave the opening keynote talk last week to the (ISC)² Security Congress in Austin, and hit some themes inspired by FAIR.

Read More [fa icon="long-arrow-right"]

Case Study: NIST Digital Identity Guidelines and FAIR “Made for Each Other”

[fa icon="calendar'] Sep 29, 2017 5:15:42 PM / by Jeff B. Copeland posted in FAIR, Case Studies

[fa icon="comment"] 0 Comments

The new NIST 800-63-3 Digital Identity Guidelines and FAIR were “made for each other”, writes Chip Block, VP at Evolver, Inc., (the operator of large-scale security operations centers for government and business) in an article just published on The Security Ledger website  -- the guidelines establish levels of security based on risk, and FAIR sets monetary values for the risk, enabling organizations to prioritize spending.

Read More [fa icon="long-arrow-right"]

Coming Soon: Try FAIR Risk Quantification on Our Free Tool

[fa icon="calendar'] Sep 29, 2017 8:00:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management, Fair Conference 2017

[fa icon="comment"] 3 Comments

UPDATE: The FAIR-U training app is now available. Get access to the web app now 


At the FAIR Conference in mid-October, the FAIR Institute will introduce FAIR-U, our first officially sanctioned training application for running FAIR risk analysis, guaranteed to correctly leverage the FAIR model.

Read More [fa icon="long-arrow-right"]

'Vulnerability' in Risk Analysis, Explained in 2 Minutes [Video]

[fa icon="calendar'] Sep 27, 2017 3:36:37 PM / by Tim Wynkoop posted in FAIR

[fa icon="comment"] 1 Comment

Precise definitions of the factors that go into an accurate risk analysis – that may be the bottom line advantage of the FAIR approach.  For a great example, take Vulnerability, loosely defined as "weakness" most often, but FAIR gives it a focussed and more useful meaning: “the probability that a threat event will become a loss event.”  

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts