FAIR Institute Blog

Guide to the 2021 FAIR Conference: Tracks on Building Resilience, Board Communication, Data for Analysis, and Much More

Beginner Webinar: How to Start a FAIR Quantitative Risk Analysis Program – Finding Data and Use Cases

After the Meris IT Botnet Attacks, Assess Your Risk from DDoS with FAIR Analysis

2021 FAIR Conference Agenda: IBM, Netflix, DHS, HPE on Staying Resilient in Tough Times – Plus, Jack Jones Releases FAIR Controls Analytics

Meet a Member: Phillip Mahan of Serta Simmons on Talking Risk to the Business in the Language of the Business

White Paper: Data Governance Practices for Cyber Risk Management

FAIRCON21 Becomes a Fully Virtual Conference

Meet a Member: Michael Rich of MPI on Growing His Own Quantitative Risk Management Program

Summer 2021 FAIR Book Club Ends with Advice on Risk Management and Metrics

Meet a Member Video: Marc Krevinghaus, Managing Director, MAKINSIGHTS, Bringing FAIR to North and South America

FAIR Institute Summer Book Club 2021 Part 5 - Techniques for Perfecting Risk Analysis

3 Ways FAIR Integrates with Your Existing Cybersecurity Programs

FAIR Terminology 101 – Risk, Threat Event Frequency and Vulnerability

Summer Book Club 2021 Part 4 – This Week, Key Skills: Scoping, Data Gathering, Reviewing Analysis

IBM’s 'Cost of a Data Breach Report 2021' Recommends FAIR Risk Quantification

Meet a Member: Tom Keogh, Square1 Risk, on How to Talk to Business Leaders about Quantitative Risk Management

Honoring Excellence in Information and Operational Risk Management: Submit Your Nominations for the 2021 FAIR Awards!

4 Small Steps to Get Started with Risk Quantification

Who Uses FAIR? Six Organizations Leading the Way on Cyber Risk Quantification

Summer Book Club Part 3 – Reading the FAIR Book on Analysis Process -- Plus: Answer Quiz, Win FAIR Swag!

Why Risk Teams Should Be Champions for Data Governance in Fintech Firms

Return of the Summer Book Club Reading the FAIR Book, Part 2: Basics of Risk Concepts and Measurement

Introducing the FAIR Wear Online Shop

Help Educate the Community: Submit Your Presentation Today to Speak at FAIRCON21!

ACCA Urges Accountants to Play a Leading Role in Assessing and Communicating Risk

Return of the FAIR Institute Summer Book Club – Let’s Read & Discuss the FAIR Book Together

Register Now for the 2021 FAIR Conference!

Prioritizing Cloud Security Controls Using FAIR

How to Quantify Total Cyber Risk for an IT Asset with FAIR

Watch this ISACA Webinar for an Introduction to FAIR Cyber Risk Quantification by the Two Jacks (Jones and Freund)

Daniel Kahneman’s Book 'Noise' Sounds the Same Alarms about Muddled Decision-Making as the FAIR Movement

SEC vs. First American Financial Sends a Message – Identify and Disclose Top Cyber Risk or We’ll Fine You

Watch the ‘Women in Cyber Risk’ Webinar on Building a Satisfying Career in Information Security and Risk Management

Been There, Done That: 5 Bits of Advice on Setting Up Your FAIR Risk Management Program from 6 Experienced FAIR Institute Members

Meet the Members: Tyanna Smith and Jack Whitsitt, FAIR Cyber Risk Managers at Datto, on How to Stop Talking in Circles about Risk

Senate Confirms Chris Inglis, Former NSA Deputy Director and FAIR Conference Speaker, to Be National Cyber Director

Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 2)

Analyze the Risk of Ransomware – 5-Step Guide for Quantitative Analysis

Milestones: 1,000 Achieve Open FAIR Certification, Boosting Careers in Cyber Risk Analysis, Risk Management and Cybersecurity

Considering FAIR? Listen to this CISO’s Journey to Quantification

Meet a Member: John Linford, Security Forum Director, The Open Group, on What's Ahead for the Open FAIR Standard

“What They Didn’t Teach You in FAIR School” – Ground-level Insights on Building a Successful Quantitative Risk Analysis Program from Jack Whitsitt

Save The Date for the 2021 FAIR Conference

Meet a Member: Sounil Yu, Creator of the Cyber Defense Matrix and CISO, JupiterOne, on Training Your Organization to Re-think Cyber Risk

Register for the Webinar - Women in Cyber Risk: Redefining the Future of Cyber Risk

Three Tips to Make Cyber Risk Quantification Work for Your General Counsel as Well

Meet a Member: Drew Simonis, Deputy CISO, HPE, on How Risk Analysts Can Connect with Business Leaders

Jack Jones Previews the FAIR Controls Analytics Model (FAIR-CAM) at the 2021 RSA Conference

Jack Jones on the Cybersecurity Executive Order: Bold Changes, but Missed Opportunity for Measuring Risk?

Watch the RSAC21 Seminar: Intro to Managing and Communicating Cyber Risk in Business Terms with FAIR

Meet the Members: Michael Lewis and Ashish Shah of Chevron on Bringing FAIR to the Oil and Gas Industry

FAIR Risk Terminology: ‘Vulnerability’ Is ‘Susceptibility’, the Open Group Says

Meet a Member: Chip Block, FAIR Institute Washington Chapter Lead and Pioneer FAIR Consultant, on Where the Quantification Movement Is Going

Risk-Based GDPR Compliance with FAIR – Q&A with European Chapter Co-Chairs Christophe Foret and Tom Callaghan of C-Risk

Meet a Member: Andy Retrum, Managing Director at Protiviti

Hacking the COVID Cold Chain: A Health Care Sector Example of FAIR

Risk Analysis and Worst-Case Thinking

Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 1)

FAIR Institute Events at RSA Conference 2021 – FAIR Training, CISO Success Stories, New Controls Framework from Jack Jones

FAIR Risk Basics: What Is Loss Magnitude?

Create a Forward-Looking Risk Register - Part 2 of Tony Martin-Vegue's 'Modeling the Vulnerability du Jour'

Lawfare Blog Post on Enterprise Cybersecurity Measurement Makes the Case for Integrating FAIR in a 'Modular' Defense

Jack Jones: State ‘Safe Harbor’ Laws Should Promote Effective Cyber Risk Management, Not Just Compliance with Frameworks

New FAIR Institute Member Tiers to Support a Growing Membership Base

Download a 4-Point Primer on FAIR to Share with Your Organization

“Un-FAIR” Attestations: Applying FAIR to Third-Party Risk Management

Meltdown, Spectre, Heartbleed - Risk Modeling the Vulnerability du Jour, Part 1: Framing

Meet a Member: Mary Faulkner, CISO at Thrivent, with Tips on Building Support in the Business for FAIR [Video]

Australia Holding Board Members Responsible for Cyber Risk Exposure – Sydney Chapter Co-Chair Denny Wan Explains How to Comply with FAIR

World Economic Forum Report Advises Boards of Directors to “Understand the Economic Drivers and Impact of Cyber Risk”

Watch Out for these 5 ‘Cyber Risk Quantification’ Methods. They Don’t Support Cost-Effective Risk Management

IBM Sponsors the FAIR Institute to Advance Best Practices in Cyber Risk Management

FAIR Institute Pres. Nick Sanna’s Message to SEC Nominee Gary Gensler: "Stop the Opaqueness of Cyber Risk Reporting"

Cybersecurity Risk, Fiduciary Liability and How to Manage Them from a Board’s Perspective

Meet a Member: Caleb Juhnke, Senior Cyber Risk Analyst, USDA

3 Foundational Videos from Jack Jones on What Is Risk, How FAIR Started, and How to Make a FAIR Quantitative Risk Management Program Work

So You Want to Be a Cyber Risk Analyst

What to Do After You Pitch Quantitative Risk Analysis

What the Texas Utility Disaster Says about Risk Management – with ‘Gray Rhino’ Author Michele Wucker

A Second Look at the Water Utility Hack in Florida with ICS Expert Mike Radigan

Video: How to Turn Your Risk Register Items into Risk Scenarios You Can Quantify with FAIR

Video: How Boards Exercise Proper Cyber Risk Oversight – Tips for Directors from the FAIR Conference

Cyber Insurance Market Is Tight. Protect Yourself with a FAIR Analysis, Says Chip Block

John Carlin, Pioneer of Risk Quantification in Government, Will Lead Cyber Law  Enforcement at Department of Justice

9 Bits of Advice from FAIR Experts for Faster, Better Cyber Risk Analysis

Gartner on Risk Management Post-Pandemic – More Uncertainty, Faster Digital Transformation

Jack Jones: The First 2 Moves Every New CISO Should Make

Video: See BCP Bank’s Mission Statement and Project Plan for FAIR Program Launch

En español: seminario web de caso de uso de la metodología FAIR (use case webinar in Spanish)

Discipline Employees for Email Data Breaches? You May Also Discourage Them from Reporting

CFO.com: FAIR Is “What Good Looks Like in Cybersecurity”

5 Steps to Improve Your Quantitative Risk Management Program in 2021

FAIR Beginner's Guide: What Do the Numbers Mean?

Common Sense: The Underrated Skill in FAIR Analysis

New ISACA White Paper Advises CISOs to Report Cyber Risk to the Board with FAIR

2021 Is the Year of Operationalizing Cyber Risk Quantification

Interview: Jack Jones Talks Lessons of 2020 – and New Research on Controls-to-Risk Mapping, Coming in 2021

FAIR Institute Top 12 Blog Posts of 2020

Video: How Netflix Rethinks Cyber Risk Analysis with FAIR (FAIRCON2020)

Be Prepared for 2021 – Start FAIR Risk Quantification Training Today with Our Best Prices of the Year

Enhancing HIPAA Risk Assessment with FAIR at Cambia Heath (FAIRCON2020 Video)

Video: How to Rapidly Triage Issues with FAIR to Focus on What Matters Most (FAIRCON2020)

Sponsored Webinar: New Capabilities from RiskLens Make FAIR Analysis Faster and Easier

FAIRCON2020 Video: Implementing FAIR Risk Management at DoorDash at ‘1,000 Miles a Minute’

How to Factor Worst-Case Cyber Events into Risk Analysis - Jack Freund on the Cyentia "Xtreme" Report

Video: FAIR Risk Analysis for Daily Decision Support at Major Healthcare and Retail Organizations (FAIRCON2020)

3 Steps to Combine MITRE ATT&CK and FAIR to Focus Cyber Risk Management

Considering FAIR? We Provide Executive Briefings Tailored for Your Organization

Harvard Survey Finds FAIR Top Cyber Risk Quantification Choice

How to Win Buy-in for a FAIR Quantitative Risk Management Program

Gartner’s Khushbu Pratap on the Drivers for Cyber Risk Management and Digital Transformation (FAIRCON2020 Video)

FAIRCON2020 Video: How Cimpress Prioritizes NIST CSF Activities with FAIR and the MITRE ATT&CK Framework

FAIRCON2020 Video: How Highmark Health Combines FAIR and HITRUST for Better Cyber Risk Management

FAIR Institute Reaches 10,000 Members in Less than 5 Years

FAIRCON2020 Video: DOE and NASA on Building A Quantitative Risk Management Program in the Federal Government

12 Bits of Advice from FAIR Veterans to New FAIR Evangelists

Video: Douglas Hubbard on Optimizing Your Risk Analysis Team (FAIRCON2020)

FAIRCON2020 Panel: How FAIR Can Help Better Integrate Cyber Risk with ERM (Video)

FAIRCON2020 Video: Deputy Comptroller Kevin Greenfield on What the OCC Expects from Banks in Cybersecurity Risk Management and Reporting

Pro Tips for Presenting Results of a FAIR Analysis

What CISOs Should Tell Boards about Cyber Risk – 5 Insights from FAIRCON2020 (Video)

We Agree with Phil Venables that “Cybersecurity Budget Benchmarks Are a Waste of Time” – Better to Focus on Outcomes

5 Tips from CISOs on Making the Move to Quantitative Cyber Risk Management (FAIRCON2020 Video)

FAQ’s about Cyber Risk Disclosure Answered by SEC Cyber Enforcement Chief Kristina Littman at FAIRCON2020 (Video)

How to Find Data for Every One of the FAIR Factors – Wade Baker’s Talk at 2020 FAIR Conference (Video)

FAIR Institute Announces 2020 Winners of Annual Excellence Awards at FAIR Conference

FAIR Institute and HITRUST Plan Integration of FAIR Standard and HITRUST CSF

FAIRCON2020 Day Two: Gray Rhinos, “FrankenSMEs”, Gartner Forecasts and Advice from FAIR Experts at DOE and E*TRADE Close Out the Cyber Risk Quantification Event of the Year

FAIRCON2020 Day Two Keynote Conversation: Jack Jones and ‘Gray Rhino’ Author Michele Wucker on How to Help the Business Make the Right Decisions on Risks They Struggle to See

FAIRCON2020 Day One: From Reporting to the Board to Triaging Risks - Tips and Insights from Goldman Sachs, Netflix, the SEC, Cigna and More Pioneers of Cyber Risk Quantification

FAIRCON2020 Keynote Discussion: 6 Pieces of  Wisdom from Jack Jones and Phil Venables on What Makes for Better Quantitative Cyber Risk Management

FAIRCON2020 Preview: Defending the US in Cyberspace, with Rep. Mike Gallagher and Chris Inglis, Solarium Commission

Hear from C-Level Security Executives and Officials at the 2020 FAIR Conference on Quantitative Cyber Risk Management

Attend FAIRCON2020 to Meet Expert Partners to Help You Operationalize FAIR at Your Organization

FAIRCON2020 Preview: Real-Life Examples of Reporting to the Board with FIS Global and Protiviti

Meet a FAIRCON2020 Speaker: Cody Scott of NASA on Building A Quantitative Risk Management Program in the Federal Government

FAIRCON2020 Preview: Prioritizing NIST CSF Activities with FAIR - Richard Barretto, Cimpress

Meet a FAIRCON2020 Speaker: Shelley Leibowitz (Director, E*TRADE, MassMutual) on Helping the Board with Cyber Risk Oversight

Thanks for Recommending Cyber Risk Quantification, Wall St. Journal. Now Let Us Introduce You to FAIR

FAIRCON2020 Preview: How to Become a Business-Centric CISO – Omar Khawaja, Highmark Health

FAIR Institute Orientation Webinar: Start Your Journey to Quantitative Cyber Risk Management Here

Meet the Members Podcast: Michael Kromm and Michael Meis, Launching the Kansas City FAIR Institute Chapter

FAIRCON2020 Preview: BCP Bank’s Harold Marcenaro on Supporting Digital Transformation with Quantitative Risk Management

Meet a FAIRCON2020 Speaker: Wade Baker Leads a Presentation on Better Data for Better Decisions

Sponsored Webinar: RiskLens Introduces Rapid Risk Assessment Capability

FAIR Institute Summer Book Club Final Meeting - All 6 Chapter Guides to the FAIR Book Are Right Here

How FAIR Helped Me Rethink 3 IT Audit Questions

A FAIR Beginner’s Guide to FAIRCON2020

Write for the FAIR Institute Blog! Call for Blog Post Submissions

Are You a "Play It Safe" or "Get It Right" Risk Analyst? Take the Test, Learn Your Habits

Using FAIR to Understand Change in Resilience Risk – Guide and Webinar from Protiviti

FAIR Institute Summer Book Club Part 5 – Reading the FAIR Book Together – This Week: Controls and Common Mistakes

How to Set Goals for a Cyber Risk Management Program and Integrate with ERM – Tips from the DOE

NISTIR 8286 Second Draft: Strong Focus on Risk Quantification for Aligning Cyber and Enterprise Risk Management

Tony Martin-Vegue’s Recipe for Passing the OpenFAIR Exam

5 Key Ways FAIR Changes Cybersecurity Paradigms

Watch the Webinar: How Financial Risk Quantification Can Help Federal Agencies Better Integrate Cybersecurity Risk and ERM

FAIR Institute Summer Book Club Part 4 – Reading the FAIR Book Together – This Week: A Walk through a Sample Risk Analysis

2020 FAIR Conference Agenda: Speakers from E*TRADE, Netflix, Energy Dept, ‘Gray Rhino’ Author and Many More, Oct. 6-7

ISACA’s New Risk IT Framework “More Closely Aligned with FAIR,” Jack Jones Finds

Honoring Excellence in Information and Operational Risk Management: Submit Your Nominations for the 2020 FAIR Awards!

ISSA Forms Strategic Alliance with FAIR Institute, Expanding Educational Resources to the Cyber and IT Community

AFERM and FAIR Inst. Webinar: How Federal Agencies Achieve Risk-Based Cybersecurity

FAIR Institute Summer Book Club Part 3 – Reading the FAIR Book Together - This Week: Analysis Process and Results

Key Terms in Cyber Risk Analysis – Test Your Knowledge

Starting Off on the Right Foot: How to Clearly Define a Risk Scenario Statement for FAIR Analysis

Why Rationale Is Crucial in Cyber Risk Quantification

Microsoft Promotes FAIR™ Analysis for Cloud Security Risk

FAIR Institute Announces New Membership Tiers

NACD Cyber Risk Oversight Handbook Endorses Quantification, Cites FAIR - with Help from FAIR Inst. Members Nick Corzine and Ben Havelka of Centene

FAIR Institute Summer Book Club Part 2 – Reading the FAIR Book Together

FAIR Institute Partners with RiskLens to Provide Free FAIR Training to Historically Black Colleges and Universities

NASA’s Risk Management Handbook Shares the Spirit of FAIR™ and Quantitative Risk Analysis

You DO Have Enough Data for a Quantitative Risk Analysis

The 2020 FAIR Conference Is Going Virtual. Submit Your Presentation Today to Speak at FAIRCON2020!

Introducing the FAIR Institute Summer Book Club – Let’s Read & Discuss the FAIR Book Together

Five Questions the Board Should Ask the CISO

Primary vs. Secondary Loss in FAIR™ Analysis: What's the Difference and Why It Matters

How FAIR™ Can Help the US Federal Government Better Prioritize and Right-Size Its Cybersecurity Investments

ISACA Journal Case Study: ‘Building a Rock-Solid ERM Culture on FAIR™’

Webinar: Jack Jones on Changing Executive Priorities and Investments in Security with Risk Quantification

In Hard Times, Remember the 3 F’s of Quantified Cyber Risk Analysis

Sponsored Post: RiskLens Announces New Solutions to Keep Risk Under Control with Lower Security Budgets, Greater Challenges from COVID-19

Webinar: Jack Jones on Lessons for Cyber Risk from Military ‘Situational Awareness’

NIST's Advice: Integrate Cyber Risk with Enterprise Risk Using FAIR™

Why NIST 800-300 and CVSS Are Not Enough for Effective Risk Management - Jack Freund

Drawing FAIR™ Conclusions from Cyentia’s Information Risk Insights Study (IRIS)

Free FAIR™ Fundamentals Training for University Students and Professors

FAIR™ Institute Local Chapters Moving to Virtual Events to Continue Education on Cyber Risk Quantification

Watch These Videos of FAIR™ Experts from RSA Conference 2020

Amazon S3 Bucket Data Breaches – a FAIR™ Risk Analysis

FAIR™ Analysis Case Study Webinar: Decrease Risk from Employees Working at Home

Cyberspace Solarium Commission Proposes Amending Sarbanes-Oxley to Include Cybersecurity

Time to Review Your Insurance Protection with a FAIR™ Approach, Says Chip Block

Video: Jack Jones and ‘Gray Rhino’ Author Michele Wucker Talk Why We Don’t See Risks Coming

Vote Today: FAIR™ Nominated as “Cyber Risk Model of the Year” in the Advisen Cyber Risk Awards for Second Year in a Row

From a FAIR™ Institute Perspective, COVID-19 Isn’t a Black Swan. It’s a Gray Rhino

Meet a Member Podcast: Michael Kenney, Freddie Mac, Starting with FAIR™ from the Operational Risk Side

Jack Jones on How the COVID-19 Pandemic Is Likely to Affect Cybersecurity Programs

Poll: FAIR™ Institute Members Say Work from Home Will Be Top Risk Category in Business Continuity Planning


Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts