The FAIR™ Enablement Specialists (FES) team connects Institute members with the resources they need to build quantitative risk management programs, from educational materials to local and national events (like the annual FAIR Conference) to getting advice on best practices from FAIR experts and the FAIR community (like the LINK discussion platform).
RSA Conference 2020 included FAIR™ among one of the top ten trends in cybersecurity, based on the 2,400 speaker applications for this year. The RSAC 2020 Trend Report’s #7 trending theme “Frameworks, Frameworks, Frameworks” covered FAIR and the NIST CSF (which this year added FAIR to its recommended resources).
In this webinar sponsored by our technical advisor, RiskLens, hundreds of your peers in cybersecurity and risk came to get answers to some burning questions.
How do I get more value from the NIST CSF Framework?
In another milestone for acceptance of FAIR™ and cyber risk quantification, COSO has issued its first guidance document on applying the COSO Enterprise Risk Management Framework to cyber risk management – and included a reference to the FAIR model
We are hosting multiple FAIR™ Analysis Fundamentals Training Courses throughout the year and across the country. Take advantage of one of these excellent opportunities to work with expert trainers in person
“Thought leadership” is a term that gets used loosely but Jack Jones, creator of Factor Analysis of Information Risk (the FAIR™ model) and Chairman of the FAIR Institute has been out in front of the profession for years patiently pointing out the limitations of conventional, qualitative risk analysis
In a new article for Threatpost, Jack Freund, PhD, co-author of the FAIR™ book Measuring and Managing Information Risk, makes the radical proposal that organizations issue a “cyber risk prospectus” much like an investment prospectus that warns “past performance is not an indicator of future results.
Where are you at on your FAIR™ journey? Everyone has to start somewhere and often starting is the hardest part. Maybe you are FAIR trained and trying to figure out how to take the first step, maybe you use qualitative methods and still want to improve your program
To judge from the most-read topics of the year, FAIR Institute blog readers were focused on keeping up with the risk quantification movement and learning all they could about FAIR™ best practices. Leading off the list were the two big events of the year, the 2019 FAIR Conference and the addition of FAIR to the NIST CSF
If you need a concise manifesto to convince others in your organization of the need for FAIR™ cyber risk quantification – particularly in budget-setting season—Jack Freund, PhD, co-author of the FAIR book Measuring and Managing Information Risk, has written it, just out in the ISACA Newsletter.