"Evolving Cyberrisk Practices to Meet Board-level Reporting Needs," is Jack Jones' latest article featured in the ISACA Journal, Volume 1, 2017.
FAIR specialist Chad Weinman from RiskLens recently shared his thoughts about the draft update 1.1 to the NIST Cybersecurity Framework in a RiskLens blog post. We are re-posting the most salient parts of his article for the benefit of FAIR Institute members.
Last week we held the second Cyber Risk Workgroup call, with excellent attendance and active engagement. During the call, we discussed the white paper I wrote regarding “Clarifying Risks”.
If you are confused by what standards and reputable sources mean by “vulnerability,” or “a vulnerability,” take heart. You have company. Our profession has done a great job in confusing itself. Let’s sort it out.
Risk practitioners should be informed about the Open FAIR body of knowledge and the role that The Open Group has played in creating a set of open and vendor-neutral standards and best practices in the area of risk analysis.
A couple of weeks ago I wrote a blog post pointing out some problems with NIST 800-30 (Fixing NIST 800-30).
We believe strongly in creating a sense of community with our members and would like to offer this unique opportunity to become a thought leader in a community that is rich with CISOs, CIROs, academics, and other established cyber risk professionals. With a well-established membership of over 700 members, the FAIR Institute continues to grow every month.
One of the most significant barriers to effectively measuring and communicating about risk is the imprecise use of fundamental nomenclature.
We closed out the end of 2016 with the inaugural Cyber Risk workgroup call.