“Think of all the advantages the bad guys have,” FAIR Institute Chairman Jack Jones tells an audience this week at the InfoSecWorld 2017 Risk Management Summit in Orlando.
“We have to protect a very complex and dynamic landscape. The bad guys can pick and choose what they want to go after. And we are giving them a gift.
A member of the FAIR Institute LinkedIn forum asked an important question the other day:
“I was wondering if there are any guidelines, rules-of-thumb, etc. on how to decide when something should end up in a risk register or should be handled differently.
NYSE-listed organizations are extending the use of the COSO standard and framework beyond the management of financial reporting risk as mandated by section 404 of the Sarbanes-Oxley Public Company Accounting Reform and Investor Protection Act (SOX).
Jack Jones led the discussion at this month’s meeting of the FAIR Institute’s Data Utilization Work Group, including fielding this question from a FAIR Institute member about data breaches. Jack is the Institute’s Chairman and the co-author of Measuring and Managing Information Risk: A FAIR Approach.
During the March meeting of the Operational Risk Workgroup, the members took on a project to recast a list of top operational risks using the FAIR risk model. Every year you’ll find numerous lists of supposed “top risks” from analysts, surveys, professional organizations, etc., and they have something in common: the items they list are not actually risks.
“Likelihood” is one of those words, like “risk” itself, that appears repeatedly in the risk management literature but casts as much shadow as light on the subject. In this article, we’ll see that likelihood is a probability, and why it is sometimes best expressed as an expected frequency of occurrence.
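The relationship between a per-period probability and an expected frequency is the crux of the point above, so here is an added worked example (not code from the FAIR Institute or the article it summarizes). It assumes, as a labelled modelling choice, that loss events arrive as a Poisson process, so that an annual probability of at least one event and an expected annual frequency are two views of the same quantity, and it shows why a probability stops being informative once events are expected more than about once per period.

```python
import math


def rate_to_prob(rate_per_year: float) -> float:
    """Expected events per year -> probability of at least one event in a year.

    Assumes Poisson arrivals (an assumption of this example, not a FAIR rule):
    P(>=1 event) = 1 - exp(-rate). expm1 keeps precision for small rates.
    """
    if rate_per_year < 0:
        raise ValueError("expected frequency cannot be negative")
    return -math.expm1(-rate_per_year)


def prob_to_rate(p_at_least_one: float) -> float:
    """Annual probability of at least one event -> expected events per year.

    Inverse of rate_to_prob. A probability of exactly 1.0 has no finite
    frequency, which is the practical reason frequency is the better unit
    for anything that happens routinely.
    """
    if not 0.0 <= p_at_least_one < 1.0:
        raise ValueError("probability must be in [0, 1)")
    return -math.log1p(-p_at_least_one)


def prob_at_least(k_events: int, rate_per_year: float) -> float:
    """P(at least k events in a year) under the same Poisson assumption."""
    if k_events < 0 or rate_per_year < 0:
        raise ValueError("arguments must be non-negative")
    below_k = sum(
        math.exp(-rate_per_year) * rate_per_year ** i / math.factorial(i)
        for i in range(k_events)
    )
    return 1.0 - below_k


def compare_views(rates):
    """Side by side: expected frequency versus annual probability of >=1 event.

    For rare events the two numbers nearly coincide; for frequent events the
    probability saturates near 1.0 and no longer distinguishes 5/yr from 50/yr.
    """
    return [(r, round(rate_to_prob(r), 4)) for r in rates]


if __name__ == "__main__":
    # Constructed sample frequencies, from a rare breach to a daily nuisance.
    for rate, prob in compare_views([0.01, 0.1, 0.5, 1.0, 5.0, 50.0]):
        print(f"{rate:6.2f} events/yr  ->  P(>=1 in a year) = {prob}")
    print(f"0.5 annual probability corresponds to {prob_to_rate(0.5):.4f} events/yr")
    print(f"P(>=2 events | 0.7/yr) = {prob_at_least(2, 0.7):.4f}")
```

The key observation from the table is that a 1% annual probability and an expected frequency of 0.01 per year are practically the same number, so either unit works for rare loss events; at 5 or 50 events per year the probability reads 0.9933 and 1.0000 respectively, so only the frequency carries the information a risk analysis needs.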
In this short five-minute video, FAIR author Jack Jones gives an overview of the FAIR model for risk measurement and management, the training opportunities for FAIR, and the professional organization, the FAIR Institute.
Listen carefully around the halls of the Moscone Center and you could hear a shift in the buzz at this year’s RSA Conference, compared to years past.