“Leadership Vision for 2022,” a new report from Gartner, the leading technology consulting firm, presents some solid advice for CISOs and other security and risk management leaders pulled in many directions
Ransomware attacks on healthcare organizations increased by 94% year over year in 2021, according to a global survey by Sophos, an average of nearly two data breaches of sensitive PHI have occurred every day in the U.S., according to HHS
Jack Jones introduced FAIR-CAM™, the FAIR Controls Analytics Model, to challenge the cybersecurity profession to move beyond its reflexive focus on cybersecurity controls lists
FAIR standard creator Jack Jones spoke this week at the 2022 RSA Conference with the message that the future of risk measurement and management is (drum roll) artificial intelligence and automation. You might have heard the same in vendor booths on the show floor, but not like Jack told it: The industry won’t get there without a major shift left
Michael Meis, Co-Chair of the Kansas City Chapter of the FAIR Institute and Associate CISO for the University of Kansas Health System, first heard Jack Jones speak at the 2020 RSA Conference and “it was like a lightbulb going off for me”
The U.S. Food and Drug Administration (FDA) recently proposed a rule that would require the “medical device system” to conduct risk analyses to manage cybersecurity risk throughout the lifecycle of a medical device and its connected network.
"I just think loss exposure is too low!” Many FAIR risk analysts have faced this response from a stakeholder at some point in their career. This rejection is often not a reflection of the work done by the analyst
The community of FAIR cyber risk quantification (CRQ) experts, practitioners and learners comes together for the 2022 FAIR Conference, September 27 and 28 in Washington, D.C., (take advantage of the early bird pricing expiring May 31 – buy your tickets now).
Jack Jones, creator of FAIR™ (Factor Analysis of Information Risk) and chief provocateur of the cyber risk quantification movement, speaks at the 2022 RSA Conference, Wednesday, June 8, in a morning seminar on the future of risk measurement.
CVSS scores are widely used – and widely mis-used – in cyber risk management. The Common Vulnerability Scoring System serves as a valuable alert system to point defenders to weaknesses in their defenses. But because CVSS scoring is numeric, it is often confused as quantitative cyber risk analysis
