FAIR Institute Blog

How CISOs Can ‘Own’ High Value Business Activities with FAIR

[fa icon="calendar'] Jun 23, 2022 9:20:12 AM / by Jeff B. Copeland posted in Guides & Tips

[fa icon="comment"] 0 Comments

Leadership Vision for 2022,” a new report from Gartner, the leading technology consulting firm, presents some solid advice for CISOs and other security and risk management leaders pulled in many directions

Read More [fa icon="long-arrow-right"]

Quantifying Cyber Risk in Healthcare with FAIR: A Short Guide

[fa icon="calendar'] Jun 15, 2022 5:37:59 PM / by Jeff B. Copeland posted in Healthcare

[fa icon="comment"] 0 Comments

Ransomware attacks on healthcare organizations increased by 94% year over year in 2021, according to a global survey by Sophos, an average of nearly two data breaches of sensitive PHI have occurred  every day in the U.S., according to HHS

Read More [fa icon="long-arrow-right"]

3 New Ways to Think about Cybersecurity Controls

[fa icon="calendar'] Jun 15, 2022 11:46:43 AM / by Jeff B. Copeland posted in FAIR-CAM

[fa icon="comment"] 0 Comments

Jack Jones introduced FAIR-CAM™, the FAIR Controls Analytics Model, to challenge the cybersecurity profession to move beyond its reflexive focus on cybersecurity controls lists

Read More [fa icon="long-arrow-right"]

Jack Jones Speaks at RSAC 2022 on AI, Automation, the Future of Risk Measurement and What It Will Take to Get There

[fa icon="calendar'] Jun 9, 2022 9:40:50 AM / by Jeff B. Copeland posted in Jack Jones, FAIR-CAM

[fa icon="comment"] 0 Comments

FAIR standard creator Jack Jones spoke this week at the 2022 RSA Conference with the message that the future of risk measurement and management is (drum roll) artificial intelligence and automation. You might have heard the same in vendor booths on the show floor, but not like Jack told it: The industry won’t get there without a major shift left

Read More [fa icon="long-arrow-right"]

Meet a Member Podcast: Michael Meis, Associate CISO, U. of Kansas Health System on Two Big Business Questions FAIR Answers

[fa icon="calendar'] Jun 8, 2022 12:15:00 PM / by Luke Bader posted in Meet a Member

[fa icon="comment"] 0 Comments

Michael Meis, Co-Chair of the Kansas City Chapter of the FAIR Institute and Associate CISO for the University of Kansas Health System, first heard Jack Jones speak at the 2020 RSA Conference and “it was like a lightbulb going off for me”

Read More [fa icon="long-arrow-right"]

FDA Proposes a “Probabilistic,” Scenario-based Approach for Medical Device Cyber Risk

[fa icon="calendar'] Jun 8, 2022 7:45:00 AM / by Jacqueline Lebo posted in Government

[fa icon="comment"] 0 Comments

The U.S. Food and Drug Administration (FDA) recently proposed a rule that would require the “medical device system” to conduct risk analyses to manage cybersecurity risk throughout the lifecycle of a medical device and its connected network.

Read More [fa icon="long-arrow-right"]

Understanding and Managing Skeptical Stakeholder Reaction to Quantitative Cyber Risk Analysis

[fa icon="calendar'] Jun 1, 2022 10:56:01 AM / by Caleb Juhnke posted in Guides & Tips, FAIR Program Launch

[fa icon="comment"] 0 Comments

"I just think loss exposure is too low!” Many FAIR risk analysts have faced this response from a stakeholder at some point in their career. This rejection is often not a reflection of the work done by the analyst

Read More [fa icon="long-arrow-right"]

FAIRCON22 Use Case Presentations Will Show Practical Results of CRQ – Get Your Early Bird Tickets by May 31

[fa icon="calendar'] May 26, 2022 7:40:00 AM / by Luke Bader posted in FAIR Conference 2022

[fa icon="comment"] 0 Comments

The community of FAIR cyber risk quantification (CRQ) experts, practitioners and learners comes together for the 2022 FAIR Conference, September 27 and 28 in Washington, D.C., (take advantage of the early bird pricing expiring May 31 – buy your tickets now).

Read More [fa icon="long-arrow-right"]

Hear Jack Jones on the Future of Cyber Risk Measurement at RSAC22, June 8

[fa icon="calendar'] May 25, 2022 1:59:01 PM / by Jeff B. Copeland posted in Events

[fa icon="comment"] 0 Comments

Jack Jones, creator of FAIR™ (Factor Analysis of Information Risk) and chief provocateur of the cyber risk quantification movement, speaks at the 2022 RSA Conference, Wednesday, June 8, in a morning seminar on the future of risk measurement.

Read More [fa icon="long-arrow-right"]

Dos and Don’ts of Using CVSS Scores in Cyber Risk Management

[fa icon="calendar'] May 24, 2022 2:12:25 PM / by Jeff B. Copeland posted in Risk Management

[fa icon="comment"] 0 Comments

CVSS scores are widely used – and widely mis-used – in cyber risk management. The Common Vulnerability Scoring System serves as a valuable alert system to point defenders to weaknesses in their defenses.  But because CVSS scoring is numeric, it is often confused as quantitative cyber risk analysis

Read More [fa icon="long-arrow-right"]
LEARN MORE
Content not found

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts