FAIR Institute Blog

Are You a "Play It Safe" or "Get It Right" Risk Analyst? Take the Test, Learn Your Habits

Using FAIR to Understand Change in Resilience Risk – Guide and Webinar from Protiviti

FAIR Institute Summer Book Club Part 5 – Reading the FAIR Book Together – This Week: Controls and Common Mistakes

How to Set Goals for a Cyber Risk Management Program and Integrate with ERM – Tips from the DOE

NISTIR 8286 Second Draft: Strong Focus on Risk Quantification for Aligning Cyber and Enterprise Risk Management

Tony Martin-Vegue’s Recipe for Passing the OpenFAIR Exam

5 Key Ways FAIR Changes Cybersecurity Paradigms

Watch the Webinar: How Financial Risk Quantification Can Help Federal Agencies Better Integrate Cybersecurity Risk and ERM

FAIR Institute Summer Book Club Part 4 – Reading the FAIR Book Together – This Week: A Walk through a Sample Risk Analysis

2020 FAIR Conference Agenda: Speakers from E*TRADE, Netflix, Energy Dept, ‘Gray Rhino’ Author and Many More, Oct. 6-7

ISACA’s New Risk IT Framework “More Closely Aligned with FAIR,” Jack Jones Finds

Honoring Excellence in Information and Operational Risk Management: Submit Your Nominations for the 2020 FAIR Awards!

ISSA Forms Strategic Alliance with FAIR Institute, Expanding Educational Resources to the Cyber and IT Community

AFERM and FAIR Inst. Webinar: How Federal Agencies Achieve Risk-Based Cybersecurity

FAIR Institute Summer Book Club Part 3 – Reading the FAIR Book Together - This Week: Analysis Process and Results

Key Terms in Cyber Risk Analysis – Test Your Knowledge

Starting Off on the Right Foot: How to Clearly Define a Risk Scenario Statement for FAIR Analysis

Why Rationale Is Crucial in Cyber Risk Quantification

Microsoft Promotes FAIR™ Analysis for Cloud Security Risk

FAIR Institute Announces New Membership Tiers

NACD Cyber Risk Oversight Handbook Endorses Quantification, Cites FAIR - with Help from FAIR Inst. Members Nick Corzine and Ben Havelka of Centene

FAIR Institute Summer Book Club Part 2 – Reading the FAIR Book Together

FAIR Institute Partners with RiskLens to Provide Free FAIR Training to Historically Black Colleges and Universities

NASA’s Risk Management Handbook Shares the Spirit of FAIR™ and Quantitative Risk Analysis

You DO Have Enough Data for a Quantitative Risk Analysis

The 2020 FAIR Conference Is Going Virtual. Submit Your Presentation Today to Speak at FAIRCON2020!

Introducing the FAIR Institute Summer Book Club – Let’s Read & Discuss the FAIR Book Together

Five Questions the Board Should Ask the CISO

Primary vs. Secondary Loss in FAIR™ Analysis: What's the Difference and Why It Matters

How FAIR™ Can Help the US Federal Government Better Prioritize and Right-Size Its Cybersecurity Investments

ISACA Journal Case Study: ‘Building a Rock-Solid ERM Culture on FAIR™’

Webinar: Jack Jones on Changing Executive Priorities and Investments in Security with Risk Quantification

In Hard Times, Remember the 3 F’s of Quantified Cyber Risk Analysis

Sponsored Post: RiskLens Announces New Solutions to Keep Risk Under Control with Lower Security Budgets, Greater Challenges from COVID-19

Webinar: Jack Jones on Lessons for Cyber Risk from Military ‘Situational Awareness’

NIST's Advice: Integrate Cyber Risk with Enterprise Risk Using FAIR™

Why NIST 800-300 and CVSS Are Not Enough for Effective Risk Management - Jack Freund

Drawing FAIR™ Conclusions from Cyentia’s Information Risk Insights Study (IRIS)

Free FAIR™ Fundamentals Training for University Students and Professors

FAIR™ Institute Local Chapters Moving to Virtual Events to Continue Education on Cyber Risk Quantification

Watch These Videos of FAIR™ Experts from RSA Conference 2020

Amazon S3 Bucket Data Breaches – a FAIR™ Risk Analysis

FAIR™ Analysis Case Study Webinar: Decrease Risk from Employees Working at Home

Cyberspace Solarium Commission Proposes Amending Sarbanes-Oxley to Include Cybersecurity

Time to Review Your Insurance Protection with a FAIR™ Approach, Says Chip Block

Video: Jack Jones and ‘Gray Rhino’ Author Michele Wucker Talk Why We Don’t See Risks Coming

Vote Today: FAIR™ Nominated as “Cyber Risk Model of the Year” in the Advisen Cyber Risk Awards for Second Year in a Row

From a FAIR™ Institute Perspective, COVID-19 Isn’t a Black Swan. It’s a Gray Rhino

Meet a Member Podcast: Michael Kenney, Freddie Mac, Starting with FAIR™ from the Operational Risk Side

Jack Jones on How the COVID-19 Pandemic Is Likely to Affect Cybersecurity Programs

Poll: FAIR™ Institute Members Say Work from Home Will Be Top Risk Category in Business Continuity Planning

Video: How FAIR™ Cyber Risk Analysis Showed the Way to 3 Risk Reduction Wins for Fannie Mae

Podcast: Jack Freund on the Role for FAIR™ Risk Analysts in Business Continuity Planning for Coronavirus

Video: How Ascena Retail Transferred Millions in Risk to 3rd Party Vendors, and More Wins from Its FAIR™ Program

3 Key Values of FAIR™ Risk Analysis (and 3 Reasons Your Organization Should Use It)

You Attended the FAIR™ Seminar at RSA Conference 2020 – Here Are Next Steps to Start Your FAIR Program

Meet the Members Podcast: Paris Chapter Leaders Tom Callaghan and Christophe Foret, Co-Founders of C-Risk

Submit Your Presentation Today to Speak at FAIRCON20!

RSAC 2020 Report – Big Turnout for 2 FAIR Seminars, Breakfast Advice on Starting a FAIR™ Program from Jack Jones and Fannie Mae, Ascena Retail CISOs

Calibrated Estimation for FAIR™ Cyber Risk Quantitative Analysis - Explained in 3 to 4 Minutes

FAIR Institute Announces New Partnership with Cisco Systems, Inc.

Meet a Member Podcast: Alex Rogozhin, Building a FAIR™ Program Bottom Up at Truist

See You at RSA Conference 2020 with Many FAIR™ Events on the Agenda

Shopping for Cyber Loss Data

Meet the Members Podcast: Nathan Thomack and Nick Corzine, Launching the St. Louis FAIR™ Institute Chapter

'Why Is the Healthcare Industry Still So Bad at Cybersecurity?' Let's Start with Risk

Webinar on Demand: How Fannie Mae Integrates FAIR™ Cyber Risk Analysis and Threat Intel

4 Rules for a Successful Quantitative Cyber Risk Analysis

Meet a Member Podcast: Chris Golden, Director of Information Security at Horizon Blue Cross Blue Shield of New Jersey

Tips to Prepare for the Open FAIR™ Certification Exam

Cyber Risk Management Maturity Benchmark Survey Results Show Where There’s Room to Improve

NY Fed’s Dire Warning on Cyber Shock to the Banking System – Jack Jones’ FAIR™ Response

Frequently Asked Questions about FAIR™ Training

RSAC20 Seminar: A FAIR™ Approach to Cyber and Technology Risk Measurement

How to Combine NIST CSF and FAIR™ to Drive Better Cyber Risk Decisions – Watch this Webinar on Demand

COSO ERM’s Cyber Risk Guidance Recommends FAIR™ – Interview with ERM Authority James Lam

FAIR™ Fundamentals Training Course Is a Must-Do in 2020

Jack Jones’ 2019 Insights on Building a Cyber Risk Management Program – and Outrunning the Bear

Jack Freund’s Radical Proposal: Admit You Probably Will Get Breached

Geoji Paul of Centene and Nathan Thomack of Emerson on What to Expect in Your FAIR™ Journey

NIST CSF Adds FAIR™, Videos from FAIR Conference 2019, and More Top 5 Topics of Our Blog in 2019

Win Converts to FAIR™. Quote Jack Freund’s Manifesto in the ISACA Newsletter

2019 FAIR Institute Growth Leads to the Launch of Three New Local Chapters

FAIRCON19 Video: Integrating Cyber Risk into ERM with Experts from BlackRock, DTCC, Freddie Mac

Unprecedented Presence for FAIR™ and Cyber Risk Quantification Coming at RSA Conference 2020

FAIRCON19 Video: Managing Third-party Cyber Risk with RiskRecon, Horizon Blue Cross, and Cyentia Institute

(Video) Meet a Member: Robert Immella, Senior Information Security Risk Analyst, KeyBank

FAIRCON 19 Video: How MassMutual Closes the Risk Management Loop with FAIR™

3 Lessons We Learned from Our Introduction of FAIR™ at Swisscom

Save The Date and Secure Your Budget for the 2020 FAIR Conference!

Listen to the Webinar: 3 Steps to FAIR™ Program Success at Highmark Health

Register for the 2019 Risk Management Maturity Benchmark Survey Results Webinar

FAIRCON19 Video: Use Case Panorama – FAIR™ Practitioner Success Stories from BB&T, Swisscom, Fidelity Investments and Daimler Mobility

(Video) Meet a Member: Brandon Myers, Risk Management and Corporate Security Architect, Mastercard

NIST Maps FAIR to the CSF - Big Step Forward in Acceptance of Cyber Risk Quantification

FAIRCON19 Video: Tips on Building a Cybersecurity Program with a Risk Management Framework & FAIR

FAIRCON19 Video: CISOs from Fannie Mae, Highmark Health, Department of Energy, and Premise Health Talk FAIR Cyber Risk Quantification

(Video) Meet a Member: Daniel Davis, Security Analyst at Lyft

Second Thoughts on Secondary Loss in FAIR.  What Are Your Thoughts?

Federal Reserve Cyber Risk Workshop to Discuss FAIR in Charlotte, NC, Nov. 20, with Jack Jones on Panel

(Video) Meet a Member: Peter Higgins, Director, InfoSec Risk Management, Tyler Technologies

Watch the FAIRCON19 Video: Doug Hubbard on Overcoming the Myths of Cyber Risk Measurement

(Video) Meet a Member: Keith Weinbaum, Enterprise Risk Management Architect, Quicken Loans

Gartner’s John Wheeler: Many Organizations Using IRM and FAIR to Achieve ‘Techquilibrium’

Watch the Video from FAIRCON19: Perfecting a CISO Board Presentation with James Lam and Chris Inglis

Health IT Security Interviews Highmark Health’s Omar Khawaja on How FAIR Drives Security Processes

Watch the Video: Jack Jones FAIRCON19 Keynote “Risk Management Programs that Actually Work”

Watch the Video: Congressional Cybersecurity Leader Jim Langevin to FAIRCON19: “You Are Moving the Country to a Better Place”

(Video) Meet a Member: Annie Lavoie, Director, IT Risk Management, BDC

FAIRCON19 Media Coverage Gets the Message Out about ‘Rethinking Risk Management’

FAIR Institute Announces 2019 Winners of Annual Excellence Awards at FAIR Conference

FAIR Conference 2019 Day 2: Advice on 3rd Party Risk, Pitching the Board, ERM, IRM and Messy Data from Doug Hubbard, Gartner and More

FAIRCON 2019 Day One: Tips on Starting and Evolving a Risk Management Program from B of A, DOE, Quicken Loans and More

Jack Jones FAIRCON19 Keynote: "Enabling Risk Management Programs that Actually Work"

Jack Jones Honored with SC Media Reboot Leadership Award

All-in-One Matrix: Regulatory Compliance Risk Assessment Overview - Updated with NIST CSF + FAIR

No Time to Talk Cyber Risk, Senior Executives Say

See You at the 2019 FAIR Conference Next Week (a Few Seats Still Available)

Creating a Cyber Risk Intelligence Framework with FAIR – Jack Freund in ISSA Journal

‘How to Measure Anything’ Quantification Expert Douglas Hubbard to Speak at 2019 FAIR Conference

FAIR Institute Briefs Congressional Staff at ‘Cyber Day on the Hill’

Three Reasons You Should Get FAIR Certified

Jack Freund in ISACA Blog: Stop Telling Yourself Risk Management Stories

Managing a Cyber Risk Program in an Ever-Evolving Threat Landscape

NIST CSF and FAIR Integration at Cimpress Called “Success Story” by NIST

FAIR Book Co-Author Jack Freund’s Advice on 3rd Party Risk in New ISACA White Paper

Participate in the 3rd Annual 2019 Risk Management Maturity Benchmark Survey

Congressional Cybersecurity Leader Rep. Jim Langevin to Speak at 2019 FAIR Conference

5 More People You’ll Meet at the 2019 FAIR Conference in September

FedScoop: “Increasingly, Federal Agencies Are Joining Industry” in Cyber Risk Quantification

Jack Jones: Quit Blaming Executives for Cybersecurity Problems

Why the FAIR Model…A 4-Point Primer on FAIR to Share with Your Organization

Aggregating Expert Opinion: Simple Averaging Method in Excel

Protiviti Joins FAIR Institute as Founding Sponsor in Advisory Services to Advance the Use of Risk Quantification

[Video] 4 Tips for Starting Your FAIR Program from Musso Shaikh of Fannie Mae

FAIR Institute Launches FAIR Enablement Program

Capital One Breach Shows Cybersecurity Is “Lost in Noise”,  Jack Jones Tells New York Times

GAO Grades Federal Agencies ‘Fail' on Cyber Risk, Accelerating Movement to FAIR

3 Tips on How to Talk to SMEs about Cyber Risk Quantification

Targeting Cybersecurity Investment - a FAIR Approach

‘Healthcare Innovation’ Profiles Highmark FAIR Program: ‘Cybersecurity and Business Align’

Aggregating Expert Opinion in Risk Analysis: An Overview of Methods

FAIR Beginner's Guide: What Do the Numbers Mean?

Meet a Member Podcast: Simone Petrella, CEO, CyberVista, and New FAIR Institute Board Member

Quantifying the Value of Cybersecurity in Dollars & Cents: FAIR Institute and CyberVista CISO Breakfast Meeting at Black Hat

7 People You Will Meet at FAIRCON19

A FAIR-Based Cyber Insurance Claim

[Video] Overcoming 3 Challenges in Your FAIR Risk Analysis Program: Robert Immella, KeyBank

Evaluating Data Retention Risk from GDPR Using FAIR

How to Build a Quantitative Risk Management Program with FAIR – FAIRCON19 Sessions Preview

How You Can Become a FAIR Champion in 5 Steps

FAIR Breakfast Case Study: LPL Financial Realigns Risk Management around FAIR (Video)

3 Tips on Evaluating Cyber Insurance with the FAIR Model

Download 'Understanding Cyber Risk Quantification: The Buyer’s Guide' by Jack Jones

Meet a Member Podcast: Christopher Porter, CISO at Fannie Mae and FAIR Institute Board Member

Honoring Excellence in Information and Operational Risk Management: Submit Your Nominations for the FAIRCON19 Awards!

Meet a Member Podcast: Tim Titcomb, VP, Technology Risk, at Fidelity Investments

Take a Listen to this Webinar: Combining NIST-CSF and FAIR, Quantifying Risk to Drive Better Decision Making

How a Risk Analysis Scope Gets Off Track (and How to Fix It)

Video: Jack Jones Tells Enterprise Security Weekly Infosec Makes Risk Management Harder than It Has to Be

The Economic Impact of ICS Vulnerabilities

3 Steps to Improving IT Hardware Lifecycle Management with FAIR

There's More than One Bear...

ZombieLoad at the Gates - FAIR on Defense

Meet Donna Gallaher, New FAIR Institute Board of Advisors Member and Atlanta FAIR Chapter Leader

The FAIR Institute Launches the Enterprise Membership Program

How to Hire a FAIR Cyber Risk Analyst

How to Start a FAIR Program? Start Small

3 Remedies for Analysis Paralysis

What Makes a Good KRI? Steve Reznik of ADP on Better Metrics through FAIR [VIDEO]

Good or Lucky? 3 Questions to Ask When Cyber Risk Analysis Shows Low Risk

Define Your Company’s Appetite for Risk with FAIR Analysis

3 Ways to Improve Identifying Your Cybersecurity Risks

Vote Today: FAIR Nominated “Cyber Risk Model of the Year”

3 Tips for Making Your IT Audit Job More than Compliance

Meet a Member Podcast: Amjed Saffarini, CEO, CyberVista, Bringing FAIR to the Boardroom

New Standards in Cyber Risk Oversight: Board of Directors Dinner in DC on Sept. 23, 2019

Reserve Your Seat Today for the 2019 FAIR Breakfast Meeting, National Harbor, MD

Three Critical Skills Used by FAIR Risk Analysts

Meet a Member Podcast: Jim Robert, Fidelity Investments, FAIR Institute New England Co-Chair

Cure Your Risk Analysis Paralysis: Balance Accuracy and Precision

3 Ways to Game the System with Qualitative Cyber Risk Analysis (Don’t Do It)

[Video] From the FAIR Breakfast at RSAC, 3 Tips on Introducing FAIR to Your Organization

Meet a Member Podcast: Roland Cloutier of ADP, FAIR Pioneer

Infosecurity Magazine on Jack Jones’ Approach to Risk Appetite: “Draw a Line in the Sand”

FAIR Institute Named One of 'Most Important Industry Organizations of the Last 30 Years' in 2019 SC Awards

Meet 3 FAIR Institute Members from Visa, Scotts Miracle-Gro, and HomeStreet Bank [Video]

Meet a Member Podcast: Jack Freund of TIAA, Co-author of the FAIR Book

Apply Today: Submit your Presentation for FAIRCON19

FAIR Institute Celebrates 3 Years of Changing the Risk Management Industry

Be a Master Chef of Cyber Risk: Whip Up an Analysis from a Few Ingredients

Jack Jones: How Much Risk Does that Risk Represent?

4 Tips to Reality-Check a FAIR Quantitative Risk Analysis

Prepare for Disruption: ERM Expert James Lam’s Advice to Board Directors

At RSAC 2019, Hear Jack Jones and More Leaders in the Cyber Risk Quantification Movement

Security Exception vs. Risk Acceptance: What's the Difference?

FAIR Institute’s Maturity Survey Results Suggest Where Your Organization Can Improve on Cyber Risk Management

Meet 3 FAIR Institute Members from Raytheon, Allstate and Pacific Northwest Laboratory [Video]

Help Us Build a Better FAIR Institute Blog for You. Take This Short Survey

Risk Measurement vs. Risk Blarney in Cyber Analytics