FAIR Institute Blog

Video: CISOs and Board Members Talk Closing the Communication Gap

[fa icon="calendar'] Nov 15, 2017 12:51:46 PM / by Jeff B. Copeland posted in FAIR, Risk Management, Fair Conference 2017

[fa icon="comment"] 0 Comments

“It’s relatively rare that you get security leaders and board members together on a panel to talk about things,” says Wade Baker, who moderated “What CISOs Need to Tell the Board About Cyber and Technology Risk” panel discussion at FAIR Conference 2017

Read More [fa icon="long-arrow-right"]

What Metrics Matter in Risk Management? [Video]

[fa icon="calendar'] Nov 9, 2017 2:08:09 PM / by Isaiah McGowan posted in FAIR, Risk Management, Fair Conference 2017

[fa icon="comment"] 0 Comments

Dashboards. Metrics. Data. Everybody has them; most don’t know how to use them effectively. It’s a bold statement; but, according to Jack Jones and Jack Freund it is a truism in the risk management field.

Read More [fa icon="long-arrow-right"]

When Non-Compliance Is A-OK [Video]

[fa icon="calendar'] Nov 8, 2017 2:50:16 PM / by David Musselwhite posted in FAIR, Risk Management, Fair Conference 2017

[fa icon="comment"] 2 Comments

“You are clearly out of compliance with a federal law.” When you, as a risk management professional, hear this, what is your first reaction?

A. “Yikes! We better fix that immediately!”
B. “That sounds like a problem for the Compliance Department?”
C. “So what? The government has it’s hand in everything, let us run our business!”
D. “Hmm…let’s perform a risk analysis and see if we should be concerned.”

Read More [fa icon="long-arrow-right"]

Standards Groups and Regulators Recognize FAIR

[fa icon="calendar'] Nov 2, 2017 10:02:24 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

The National Institute of Standards and Technology, the Federal Reserve, The Open Group,  PCI – a prestigious list of organizations and agencies cite or suggest FAIR as a leading model for cyber risk analysis and management. Expect this list to grow as more risk professionals and regulators come to the conclusion that simply following risk management frameworks isn't enough–they need quantitative analytical models to make effective decisions on risk. 

 

Read More [fa icon="long-arrow-right"]

A Crash Course on Capturing Loss Magnitude with the FAIR Model

[fa icon="calendar'] Oct 20, 2017 2:32:01 PM / by Teresa Suarez posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

In the FAIR model for risk analysis, Loss Magnitude—i.e. the monetary impact of a loss event—is bucketed in six Forms of Loss: Productivity, Response, Replacement, Competitive Advantage, Fines & Judgements, and Reputation.

Read More [fa icon="long-arrow-right"]

Hot Job: Data Protection Officer for the EU’s GDPR

[fa icon="calendar'] Oct 9, 2017 8:25:39 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Look for thousands of job listings next year for “data protection officer” to meet a requirement of the European Union’s General Data Protection Regulation, the privacy law that goes into effect May 18, 2018. Here’s a quick rundown to see if you need to start shopping for a DPO, as well.

Read More [fa icon="long-arrow-right"]

Amazon S3 Bucket Data Breaches – a FAIR Risk Analysis

[fa icon="calendar'] Oct 6, 2017 8:00:00 AM / by Rebecca Merritt posted in FAIR, Risk Management, Case Studies

[fa icon="comment"] 1 Comment

Sensitive documents from the US National Geospatial-Intelligence Agency…data on 14 million Verizon customers…voter information on 198 million Americans…Just a few of the reports this year on data breaches—or open data discovered by security researchers before a breach occurred—on Amazon S3 “buckets”.

Read More [fa icon="long-arrow-right"]

Coming Soon: Try FAIR Risk Quantification on Our Free Tool

[fa icon="calendar'] Sep 29, 2017 8:00:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management, Fair Conference 2017

[fa icon="comment"] 3 Comments

UPDATE: The FAIR-U training app is now available. Get access to the web app now 


At the FAIR Conference in mid-October, the FAIR Institute will introduce FAIR-U, our first officially sanctioned training application for running FAIR risk analysis, guaranteed to correctly leverage the FAIR model.

Read More [fa icon="long-arrow-right"]

Q&A: Jack Jones Talks with the Global Association of Risk Professionals (GARP)

[fa icon="calendar'] Sep 20, 2017 6:07:48 PM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

FAIR Institute Chairman Jack Jones was interviewed by Jeffrey Kutler of the Global Association of Risk Professionals for an article published on the GARP website, “Signs of Acceptance and Maturity for the FAIR Model”.

The article is vintage Jack. A sample:

Read More [fa icon="long-arrow-right"]

Announcing the FAIR University Program - Building the Next Generation of Risk Management Leaders

[fa icon="calendar'] Sep 18, 2017 10:53:42 AM / by Luke Bader posted in FAIR, Risk Management, Fair Institute

[fa icon="comment"] 4 Comments

 Since our founding, The FAIR Institute has received an increasing number of requests to create an information risk management course based on FAIR. We are responding to those personal requests, and to a market demand, to help create risk analysts who are well trained and well versed in quantitative risk analysis. 

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts