FAIR Institute Blog

Important Questions when Choosing a Cyber Risk Quantification Provider Part 1: Utility & Data

Educate Your Board, Build Support for Cyber Risk Quantification with the New NACD Director’s Handbook on Cyber-Risk Oversight

Meet a Member: Brenda Thayer, Fannie Mae, on Applying FAIR to Shifting Markets

How to Achieve Quick Wins with FAIR Cyber Risk Quantification

Jack Jones Seminars at RSA Conference 2023: Learn Cyber Risk Quantification from the Master

FAIR Institute Membership – What’s in It for You?

Webinar Mar. 30: FAIR Creator Jack Jones Explains “Understanding Cyber Risk Quantification”

FAIRCON23 Call for Speakers Is Open. Conference Theme Is 'Embrace Digital'

Invitation to Inaugural FAIR Institute Europe Summit in London June 1, 2023

Fear of Cyber Risk Quantification? Read This.

What Is Cyber Risk Quantification (CRQ) and How Does It Help Risk Management Decisions?

Meet Adham Etoom, National Cyber Security Center of Jordan, Learn Cyber Risk Quantification, at the Mar. 20 FAIR Inst. Middle East Summit

8 Goals for a Cyber Risk Management Program

Jack Jones Releases New Edition of the CRQ Buyer’s Guide to Cut through Risk Quantification Hype (Q&A with Jack)

How to Use DREAD Analysis with FAIR

Meet a Member: Pooya Alai, Senior Cybersecurity Risk Manager for Maersk on Unblocking the Decision Process with FAIR

Inherent Risk vs. Residual Risk Explained in 90 Seconds

'Risk Appetite' vs. 'Risk Tolerance'. What’s the Difference?

Take Your FAIR Knowledge to the Next Level, as Recommended by a FAIR Enablement Specialist

Llevá tu conocimiento FAIR al siguiente nivel, según las recomendaciones de tu FAIR Enablement Specialist

5 Tips and Insights from FAIR Institute Members in 2022

Invitation to Inaugural FAIR Institute Middle East and Africa Summit in Jordan

Leveraging the Human Element for a Successful FAIR Risk Management Program, Part 1

Attend a Seminar with FAIR Creator Jack Jones, Take FAIR Training at the 2023 RSA Conference

Meet a Member – Darren Kane, CSO at Australia’s nbn, on Expanding Your Outlook on Security with FAIR

The Good News: World Economic Forum Finds CISOs and Boards Talking More

Annual FAIR Conference and Middle East, Europe Summits Announced for 2023

6-Point Checklist to Launch a FAIR Quantitative Risk Management Program

Gartner Survey Finds Widespread Planning, Adoption of Cyber Risk Quantification, Depending on How You Define CRQ

Phil Venables’ 9 Ways to Report Cybersecurity Success – Plus 1 for Risk Quantification

Most Popular Blog Posts Published in 2022, Starring Jack Jones, Controls Analytics, 2 FAIRCON’s and Debunking Misinformation about CRQ

8 Insights from Jack Jones in 2022 on Automating Cyber Risk Analysis, Modeling Controls and Moving the Cyber Risk Profession Forward

2023 FAIR Training Schedule – Learn FAIR Risk Quantification Fundamentals or Sharpen Your Cyber Risk Reporting Skills

3 Tips on Growing a FAIR Risk Management Program

Video: Scaling a FAIR Risk Management Program with Behavioral Economics and the “Voltage Effect”

Video: Expedia Group’s Journey to FAIR Cyber Risk Quantification

Webinar: How to Get More Value from a Cybersecurity Controls Inventory

Jack Jones on the Wrong Lessons from the Conviction of Former Uber CSO Joe Sullivan

FAIR Institute Urges a Risk-based Approach to Healthcare Cybersecurity, in Response to Policy Options Paper by Sen. Warner

Quantifying the Risk of Employee Turnover

Meet a Member: Jeff Norem, Deputy CISO at Freddie Mac, on Making the Move to Risk Quantification

Mapping FAIR-CAM to Cybersecurity Frameworks: ‘Compliance Is Going to Radically Change’

Neil Davis Tells FAIRCON22 How Maersk Recovered from NotPetya with FAIR

Caleb Juhnke of Equinix Is Our 2022 FAIR Ambassador Award Winner

Nick Sanna’s FAIRCON22 Welcome Address: 10 Reasons FAIR Is the Standard for Cyber Risk Quantification – and New Services for FAIR Community from the FAIR Institute

FAIRCON22 Video: Jack Jones Explains FAIR Controls Analytics, RiskLens Previews the FAIR-CAM Tool for Quantitative Risk Analysis Automation

FAIRCON22 Video: How to Launch a FAIR CRQ Program that’s Low on Resources, High on Strategy

Jack Jones FAIRCON Message to Cyber Risk Management Profession: "The First Step Is Recognizing that You Have a Problem"

Q4 FAIR Training Opportunities: Effective Risk Communication Class – Hybrid Training - 40% Discount for Fundamentals Course

FAIRCON22 Video: SEC Regulators Answer Questions on Proposed Cyber Disclosure Rule

How to Scale FAIR Cyber Risk Management from Bottom Up and Top Down

New Membership Tier and Resources to Support a Growing Institute Community

5 Objections to FAIR and How to Overcome Them – Lessons from the Netflix FAIR Program

3 Tips for a Successful CISO Board Presentation (FAIRCON22 Panel Discussion)

3 Ways to Roll Out a FAIR Quantitative Risk Management Program

Should You Self-Insure for Cyber Risk? CISOs Debate Value of Cyber Insurance at FAIRCON22

4 CISOs Explain How to Make the Culture Change from Compliance Focus to Risk-Based Cybersecurity

To Knock Out Cyber Crime, Hit the Economics, Internet Security Alliance Pres. Larry Clinton Tells the 2022 FAIR Conference

2022 FAIR Awards Honor Caleb Juhnke (Equinix), Neil Davis (Maersk), and Cedric De Carvalho (Richemont) for Risk Management Vision

FAIRCON22 Day Two: How to Map Your Way to Better Security, Wow the Board, and More CRQ Success Stories

FAIRCON22 Day One: Scaling FAIR Programs by Changing Culture, Overcoming Objections, Juicing ‘Voltage’ and More Tips from Netflix, Victoria’s Secret, Funko – and the Federal Reserve

Can the Cyberspace Solarium Commission Keep the Legislative Momentum Going? Exec Director Mark Montgomery to Update 2022 FAIR Conference

10 Bits of Wisdom on Quantitative Cyber Risk Management from the FAIR Conferences

Automation Is the Future of Cyber Risk Quantification. Get a First Look, Attend the 2022 FAIR Conference

Academic Study Uncovers How Legal Privilege Undermines Cybersecurity

Gartner’s John Button Has a Message for Infosec: “ERM Is the Best Friend You Never Knew You Always Had”

What’s It Like to Go through FAIR Training in Cyber Risk Quantification?

Scaling Quantitative Cyber Risk Management: 6  Questions We’ll Answer at the 2022 FAIR Conference

5 Interesting People You Will Meet at FAIRCON22

FAIRCON22 Keynote Preview: Larry Clinton of ISA on FAIR’s Place in the Battle for Cyberspace

Cyentia Institute to Preview the IRIS 2022 Report at FAIRCON22

Meet a Member: CISO Markus Kaufmann Talks Embedding FAIR in the Governance Process at Toymaker Funko

FAIRCON22 Training Opportunity: Effective Reporting on Cyber Risk to a Business Audience

5 Great Reasons to Attend FAIRCON22

You Can Produce Meaningful Results from Quantitative Cyber Risk Analysis in Hours – Learn How at the 2022 FAIR Conference

A FAIR Beginner’s Guide to the 2022 FAIR Conference

FAIR Institute Message to NIST Proposes Enhancing the NIST CSF with Quantitative Controls Analysis (FAIR-CAM)

Meet a FAIRCON22 Speaker: Omar Khawaja, CISO, Highmark Health

2022 FAIR Conference Agenda: Scaling Quantitative Cyber Risk Management - Learn from Netflix, Victoria’s Secret, Highmark Health, Capital One – Preview the FAIR Controls Analytics Model

5 Risk Quantification Case Studies You’ll Hear at the 2022 FAIR Conference

3 Key Concepts in FAIR

Why Cyber Risk Quantification (CRQ) Demos Aren't Enough

Attacking FAIR - A Reply by Jack Jones

What Is Calibrated Estimation in Cyber Risk? Learn from the Master, Douglas Hubbard, at FAIRCON22

10 Reasons Why FAIR Is the Standard for Cyber Risk Quantification (Infographic)

Honoring Excellence in Information and Operational Risk Management: Submit Your Nominations for the 2022 FAIR Awards!

FAIR Training Courses Announced for the 2022 FAIR Conference

Jack Jones Rebuts ‘FAIR Fatigue’, an Article Filled with Misrepresentations of Factor Analysis of Information Risk (FAIR), the Standard for Risk Quantification

5 Powerful Ideas from the FAIR Institute in First Half,  2022

Identifying the Right Risk Scenarios to Measure with FAIR

How CISOs Can ‘Own’ High Value Business Activities with FAIR

Quantifying Cyber Risk in Healthcare with FAIR: A Short Guide

3 New Ways to Think about Cybersecurity Controls

Jack Jones Speaks at RSAC 2022 on AI, Automation, the Future of Risk Measurement and What It Will Take to Get There

Meet a Member Podcast: Michael Meis, Associate CISO, U. of Kansas Health System on Two Big Business Questions FAIR Answers

FDA Proposes a “Probabilistic,” Scenario-based Approach for Medical Device Cyber Risk

Understanding and Managing Skeptical Stakeholder Reaction to Quantitative Cyber Risk Analysis

FAIRCON22 Use Case Presentations Will Show Practical Results of CRQ – Get Your Early Bird Tickets by May 31

Hear Jack Jones on the Future of Cyber Risk Measurement at RSAC22, June 8

Dos and Don’ts of Using CVSS Scores in Cyber Risk Management

7 Basic Tools for FAIR Cyber Risk Analysis

10 Reasons Why FAIR Is Winning

Harvard Law Article: SEC Proposed Rules a “Game Changer” for Reporting Cyber Risk in Financial Terms

RSA Conference 2022: FAIR Training plus Jack Jones Seminar on the Future of Cyber Risk Management

Jack Jones: Automating Cyber Risk Quantification (Part 5 of 5)

How CISOs Can Think Like Business Leaders -- Advice from Michael Carr, CISO at Health First

Jack Jones: Automating Cyber Risk Quantification (Part 4 of 5)

Present Your Stories About Scaling a Risk Management Program - Speak at FAIRCON22

Jack Jones: Automating Cyber Risk Quantification (Part 3 of 5)

Sharpen Your FAIR Skills with these Resources

Jack Jones: Automating Cyber Risk Quantification (Part 2 of 5)

Member Survey Results: High Interest in FAIR-CAM, High Concern on Ransomware

Jack Jones: Automating Cyber Risk Quantification (Part 1 of 5)

Meet a Member Podcast: Cedric De Carvalho of Richemont on Introducing FAIR to 26 Lines of Business

7 Bits of Advice on Scaling FAIR Risk Management to the Enterprise Level

Analyzing Privacy Risk Using FAIR

Register Now for the 2022 FAIR Conference

Insights from Dropbox on Building a Quantitative Cyber Risk Management Program

RiskLens Debuts Self-Service Cyber Risk Quantification Tool at 2022 FAIR Conference Series

What’s the Risk Reduction Effect of NIST CSF Maturity Scores? Jack Jones and the FAIR-CAM Team Are Working on It

SEC Proposes Rules for Faster, More Defensible Cyber Risk Reporting. It Could Do Better Still

James Lam on Do’s and Don’ts of Reporting on Cyber Risk to the Board

CRQ For All: Introducing My Cyber Risk Benchmark from RiskLens (Sponsored Post)

Energy Department Presents a FAIR-based Risk Management Model for Federal Government

Senate Passes 'Strengthening American Cybersecurity Act,' Requires a Federal Cyber Risk Model

FAIR vs. Proprietary Cyber Risk Analysis Models: What’s the Difference? Jack Jones Explains

How Long Does It Take to Launch a FAIR Program?

4 Ways FAIR Cyber Risk Analysis Saves Money

How to Hire a FAIR Cyber Risk Analyst

Highlights from the First Event in the 2022 FAIR Conference Series, with Use Cases from Dropbox, Dept. of Energy and More

A Solution for Measuring Inherent Risk

New FAIR Conference Series Starts Feb. 24 with Jack Jones on FAIR-CAM, James Lam on Board Reporting and Case Studies from Department of Energy, Thrivent Financial and Dropbox

Help the FAIR Institute Better Meet Your Needs in 2022. Take a Quick Survey

3 Risk Identification Questions You Should Be Asking

Human Nature in Our FAIR Risk Programs: Work With It, Not Against It

Meet a Member: Freddie Mac's Robert Herse on Flexible Thinking on Cyber Risk with FAIR

Cyber Risk Management: Establishing a Blueprint with FAIR

Study Finds Employees Will Violate Security Policy to Get Their Work Done – FAIR-CAM Helps to Solve the Problem

3 Quick Steps for FAIR Program Maturity

SEC Chair Gensler Signals Tighter Cybersecurity Reporting Coming, Opening the Way for Risk Quantification

Leading Advocate for Cybersecurity Rep. Jim Langevin to Leave Congress

Low-Cost Ways to Start a Quantitative Cyber Risk Management Program

4 Ways to Use FAIR Cyber Risk Analysis for Business Decisions

How Cyber Risk Management Is Like Buying a Bike for Your Daughter – Understanding the FAIR Controls Analytics Model (FAIR-CAM)

FAIR Institute Calls on SEC to Require Disclosure of Top Cyber Risks in Financial Terms

4 Counterintuitive Insights into Cyber Risk Management from the FAIR Conference

Meet a Member Podcast: Bob Dooling of Redox on the Journey from Pen Tester to FAIR Practitioner

Jack Jones: In 2022, the New FAIR Controls Analytics Model (FAIR-CAM) Begins to Redefine Risk Management Maturity

The FAIR Institute’s 8 Most Popular Blog Topics Published in 2021

FAIR Institute in 2021: FAIR-CAM Released, Membership & Training at New Highs, Another Big Turnout for FAIRCON

Jack Jones on Log4j: Take these Steps to Prepare for the Next Zero-Day Exploit

A New Approach to Data for Faster FAIR Quantitative Risk Analysis

Quantifying Cyber Risk Alongside Operational Risk with FAIR

Case Study: Analyze Ransomware Risk for a Bank, Satisfy Financial Regulators

FAIR for Government Resilience: Sonoma County, CA, Quantifies Disaster Risk

CISA Looks to Quantify National Risk from Cyber Attacks

3 Things About Controls Your Cybersecurity Staff May Not Be Telling You

FAIR Use Case: Introducing Quantitative Risk Management at Fashion Group Richemont

5 Metrics for Cyber Risk Resilience – Advice from a Federal Reserve Expert

Jack Jones: The Quality of Qualitative Risk Measurement (Continued)

Who Owns Cyber Risk? The Answer Isn’t Clear in Many Organizations

Jack Jones: The Quality of Qualitative Risk Measurements

Reporting to the Board on Cyber Risk: 2 Charts to Tell Your Story

Tools and Tips to Start a FAIR Program across Your Organization

Jack Jones: What Do Qualitative and Quantitative Risk Measurements Have in Common?

4 Tips to Launch Cyber Risk Quantification at a Global Company

4 Questions and 4 Action Steps to Get a FAIR Program Off the Ground

Use Case for FAIR-CAM: Rapid Policy Exception Management

Meet a Member: Brad Carvellas, CISO, The Guthrie Clinic, on FAIR for Healthcare Organizations

Your Competitor Got Hacked. What’s Your Cyber Risk? 6 Questions to Answer

CISOs: To Build Cyber Resilience, Start with Your People

How HPE Is Transitioning FAIR from Cyber to Enterprise Risk Management

Meet a Member: Zach Cossairt of Equinix on the Human Element in Risk Quantification

Gartner’s John Wheeler on the New Risk Management of the COVID Era (FAIRCON21 Keynote)

FAIRCON21 Day Two: Jack Jones Releases FAIR-CAM™ and Risk Management Leaders Share the Latest on Data Science, Board Reporting, Critical Infrastructure and More

At FAIRCON21, Jack Jones Introduces the FAIR Controls Analytics Model (FAIR-CAM™), the Standard for Measuring the Effectiveness of Cybersecurity Controls

2021 FAIR Awards Honor Risk Management Innovators and Advocates from Equinix, Fannie Mae, C-Risk

FAIRCON21 Day One: Achieving Cyber Resilience with Advice from IBM, HPE, Federal Reserve, Netflix, and More FAIR Risk Management Leaders

Guide to the 2021 FAIR Conference: Tracks on Building Resilience, Board Communication, Data for Analysis, and Much More

Using Risk Quantification to Reach Your Zero Trust Goals

Coming to FAIRCON21: New Modeling, Prepared Data Products for Faster, Better FAIR Analysis

How to Build a Great Foundation for a FAIR Cyber Risk Quantification Program – Learn from Netflix

PRMIA Survey Finds Data a Major Pain Point for Risk Managers

Federal Reserve Warns on Financial System Cyber Risk – Take Steps to Build Resilience

Meet a FAIRCON21 Speaker: Seth Mowbray, Senior Analyst, GEHA, on FAIR for Operational Risk

Meet a FAIRCON21 Speaker: Josh Malnourie, Blue Cross Blue Shield North Dakota, on FAIR for Third Party Risk Assessment

FAIR Conference, Oct. 20: Jack Jones to Introduce FAIR-CAM™ to Quantify Effectiveness of Cybersecurity Controls

Beginner Webinar: How to Start a FAIR Quantitative Risk Analysis Program – Finding Data and Use Cases

After the Meris IT Botnet Attacks, Assess Your Risk from DDoS with FAIR Analysis

2021 FAIR Conference Agenda: IBM, Netflix, DHS, HPE on Staying Resilient in Tough Times – Plus, Jack Jones Releases FAIR Controls Analytics

Meet a Member: Phillip Mahan of Serta Simmons on Talking Risk to the Business in the Language of the Business

White Paper: Data Governance Practices for Cyber Risk Management

FAIRCON21 Becomes a Fully Virtual Conference

Meet a Member: Michael Rich of MPI on Growing His Own Quantitative Risk Management Program

Summer 2021 FAIR Book Club Ends with Advice on Risk Management and Metrics

Meet a Member Video: Marc Krevinghaus, Managing Director, MAKINSIGHTS, Bringing FAIR to North and South America

FAIR Institute Summer Book Club 2021 Part 5 - Techniques for Perfecting Risk Analysis

3 Ways FAIR Integrates with Your Existing Cybersecurity Programs

FAIR Terminology 101 – Risk, Threat Event Frequency and Vulnerability

Summer Book Club 2021 Part 4 – This Week, Key Skills: Scoping, Data Gathering, Reviewing Analysis

Content not found

Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts