After the shocking disruptions caused by WannaCry, the massive and immediate financial losses incurred because of NotPetya, and the sad and continued trend of each new year being "The Year of the Breach," the 50,000 cybersecurity practitioners and vendors gathered for the RSA Conference in San Francisco this week were ready for some good, uplifting post-2017 news.
In a perfect world, a quantitative cyber risk analysis would always leverage data that is both accurate and precise. Heck, every sort of financial analysis, whether personal or organizational, would leverage data and produce results that are both accurate and precise.
“Your organization has data regarding umpteen thousand unpatched vulnerabilities…So what? What decisions need to be made?” FAIR Institute Chairman Jack Jones asked an audience at the RSA Conference this week.
As a former auditor, I understand the value a control has for an organization, a process or an application. But, I’ll be honest, I used to think a control was one-dimensional. It didn’t really matter what the control protected; if the control wasn’t functioning properly or configured exactly to a ‘T’, it was failing.
In September 2017, the FAIR Institute launched the FAIR University Curriculum with the goal of helping to fill a void in the industry by assisting academia in building information risk management programs and developing the next generation of cyber risk executives.
The FAIR Institute is excited to announce our newest sponsoring partner, third-party risk management provider RiskRecon. RiskRecon’s continuous monitoring solution delivers prioritized action plans that enable precise and efficient elimination of your most critical third-party security risks.
The FAIR Institute is excited to have our Chairman, Jack Jones, represent the Institute at multiple events and sessions at the 2018 RSA Conference in San Francisco later this month. If you’re in town attending the conference, stop by the events below to hear Jack speak on the importance of quantitative analysis--and to say hello.
The Securities and Exchange Commission’s new guidance on cybersecurity risk disclosure landed with a thud in board rooms, C-suites and infosecurity shops, particularly for its requirements on reporting ongoing cyber risks.
The MIT Technology Review recently published an article about what they called “cyber threats.” While the article identifies trending attack methods and scenarios to be concerned about, none of the things that made the list are actually threats.
Join Jack Jones, creator of the FAIR model for risk analysis, for a webinar on Tuesday, April 3, at 2 PM ET on “New SEC Cyber Risk Disclosure Guidance: The FAIR Advantage”.