FAIR Institute Blog

Identifying the Right Risk Scenarios to Measure with FAIR

How CISOs Can ‘Own’ High Value Business Activities with FAIR

Quantifying Cyber Risk in Healthcare with FAIR: A Short Guide

3 New Ways to Think about Cybersecurity Controls

Jack Jones Speaks at RSAC 2022 on AI, Automation, the Future of Risk Measurement and What It Will Take to Get There

Meet a Member Podcast: Michael Meis, Associate CISO, U. of Kansas Health System on Two Big Business Questions FAIR Answers

FDA Proposes a “Probabilistic,” Scenario-based Approach for Medical Device Cyber Risk

Understanding and Managing Skeptical Stakeholder Reaction to Quantitative Cyber Risk Analysis

FAIRCON22 Use Case Presentations Will Show Practical Results of CRQ – Get Your Early Bird Tickets by May 31

Hear Jack Jones on the Future of Cyber Risk Measurement at RSAC22, June 8

Dos and Don’ts of Using CVSS Scores in Cyber Risk Management

7 Basic Tools for FAIR Cyber Risk Analysis

10 Reasons Why FAIR Is Winning

Harvard Law Article: SEC Proposed Rules a “Game Changer” for Reporting Cyber Risk in Financial Terms

RSA Conference 2022: FAIR Training plus Jack Jones Seminar on the Future of Cyber Risk Management

Jack Jones: Automating Cyber Risk Quantification (Part 5 of 5)

How CISOs Can Think Like Business Leaders -- Advice from Michael Carr, CISO at Health First

Jack Jones: Automating Cyber Risk Quantification (Part 4 of 5)

Present Your Stories About Scaling a Risk Management Program - Speak at FAIRCON22

Jack Jones: Automating Cyber Risk Quantification (Part 3 of 5)

Sharpen Your FAIR Skills with these Resources

Jack Jones: Automating Cyber Risk Quantification (Part 2 of 5)

Member Survey Results: High Interest in FAIR-CAM, High Concern on Ransomware

Jack Jones: Automating Cyber Risk Quantification (Part 1 of 5)

Meet a Member Podcast: Cedric De Carvalho of Richemont on Introducing FAIR to 26 Lines of Business

7 Bits of Advice on Scaling FAIR Risk Management to the Enterprise Level

Analyzing Privacy Risk Using FAIR

Register Now for the 2022 FAIR Conference

Insights from Dropbox on Building a Quantitative Cyber Risk Management Program

RiskLens Debuts Self-Service Cyber Risk Quantification Tool at 2022 FAIR Conference Series

What’s the Risk Reduction Effect of NIST CSF Maturity Scores? Jack Jones and the FAIR-CAM Team Are Working on It

SEC Proposes Rules for Faster, More Defensible Cyber Risk Reporting. It Could Do Better Still

James Lam on Do’s and Don’ts of Reporting on Cyber Risk to the Board

CRQ For All: Introducing My Cyber Risk Benchmark from RiskLens (Sponsored Post)

Energy Department Presents a FAIR-based Risk Management Model for Federal Government

Senate Passes 'Strengthening American Cybersecurity Act,' Requires a Federal Cyber Risk Model

FAIR vs. Proprietary Cyber Risk Analysis Models: What’s the Difference? Jack Jones Explains

How Long Does It Take to Launch a FAIR Program?

4 Ways FAIR Cyber Risk Analysis Saves Money

How to Hire a FAIR Cyber Risk Analyst

Highlights from the First Event in the 2022 FAIR Conference Series, with Use Cases from Dropbox, Dept. of Energy and More

A Solution for Measuring Inherent Risk

New FAIR Conference Series Starts Feb. 24 with Jack Jones on FAIR-CAM, James Lam on Board Reporting and Case Studies from Department of Energy, Thrivent Financial and Dropbox

Help the FAIR Institute Better Meet Your Needs in 2022. Take a Quick Survey

3 Risk Identification Questions You Should Be Asking

Human Nature in Our FAIR Risk Programs: Work With It, Not Against It

Meet a Member: Freddie Mac's Robert Herse on Flexible Thinking on Cyber Risk with FAIR

Cyber Risk Management: Establishing a Blueprint with FAIR

Study Finds Employees Will Violate Security Policy to Get Their Work Done – FAIR-CAM Helps to Solve the Problem

3 Quick Steps for FAIR Program Maturity

SEC Chair Gensler Signals Tighter Cybersecurity Reporting Coming, Opening the Way for Risk Quantification

Leading Advocate for Cybersecurity Rep. Jim Langevin to Leave Congress

Low-Cost Ways to Start a Quantitative Cyber Risk Management Program

4 Ways to Use FAIR Cyber Risk Analysis for Business Decisions

How Cyber Risk Management Is Like Buying a Bike for Your Daughter – Understanding the FAIR Controls Analytics Model (FAIR-CAM)

FAIR Institute Calls on SEC to Require Disclosure of Top Cyber Risks in Financial Terms

4 Counterintuitive Insights into Cyber Risk Management from the FAIR Conference

Meet a Member Podcast: Bob Dooling of Redox on the Journey from Pen Tester to FAIR Practitioner

Jack Jones: In 2022, the New FAIR Controls Analytics Model (FAIR-CAM) Begins to Redefine Risk Management Maturity

The FAIR Institute’s 8 Most Popular Blog Topics Published in 2021

FAIR Institute in 2021: FAIR-CAM Released, Membership & Training at New Highs, Another Big Turnout for FAIRCON

Jack Jones on Log4j: Take these Steps to Prepare for the Next Zero-Day Exploit

A New Approach to Data for Faster FAIR Quantitative Risk Analysis

Quantifying Cyber Risk Alongside Operational Risk with FAIR

Case Study: Analyze Ransomware Risk for a Bank, Satisfy Financial Regulators

FAIR for Government Resilience: Sonoma County, CA, Quantifies Disaster Risk

CISA Looks to Quantify National Risk from Cyber Attacks

3 Things About Controls Your Cybersecurity Staff May Not Be Telling You

FAIR Use Case: Introducing Quantitative Risk Management at Fashion Group Richemont

5 Metrics for Cyber Risk Resilience – Advice from a Federal Reserve Expert

Jack Jones: The Quality of Qualitative Risk Measurement (Continued)

Who Owns Cyber Risk? The Answer Isn’t Clear in Many Organizations

Jack Jones: The Quality of Qualitative Risk Measurements

Reporting to the Board on Cyber Risk: 2 Charts to Tell Your Story

Tools and Tips to Start a FAIR Program across Your Organization

Jack Jones: What Do Qualitative and Quantitative Risk Measurements Have in Common?

4 Tips to Launch Cyber Risk Quantification at a Global Company

4 Questions and 4 Action Steps to Get a FAIR Program Off the Ground

Use Case for FAIR-CAM: Rapid Policy Exception Management

Meet a Member: Brad Carvellas, CISO, The Guthrie Clinic, on FAIR for Healthcare Organizations

Your Competitor Got Hacked. What’s Your Cyber Risk? 6 Questions to Answer

CISOs: To Build Cyber Resilience, Start with Your People

How HPE Is Transitioning FAIR from Cyber to Enterprise Risk Management

Meet a Member: Zach Cossairt of Equinix on the Human Element in Risk Quantification

Gartner’s John Wheeler on the New Risk Management of the COVID Era (FAIRCON21 Keynote)

FAIRCON21 Day Two: Jack Jones Releases FAIR-CAM™ and Risk Management Leaders Share the Latest on Data Science, Board Reporting, Critical Infrastructure and More

At FAIRCON21, Jack Jones Introduces the FAIR Controls Analytics Model (FAIR-CAM™), the Standard for Measuring the Effectiveness of Cybersecurity Controls

2021 FAIR Awards Honor Risk Management Innovators and Advocates from Equinix, Fannie Mae, C-Risk

FAIRCON21 Day One: Achieving Cyber Resilience with Advice from IBM, HPE, Federal Reserve, Netflix, and More FAIR Risk Management Leaders

Guide to the 2021 FAIR Conference: Tracks on Building Resilience, Board Communication, Data for Analysis, and Much More

Using Risk Quantification to Reach Your Zero Trust Goals

Coming to FAIRCON21: New Modeling, Prepared Data Products for Faster, Better FAIR Analysis

How to Build a Great Foundation for a FAIR Cyber Risk Quantification Program – Learn from Netflix

PRMIA Survey Finds Data a Major Pain Point for Risk Managers

Federal Reserve Warns on Financial System Cyber Risk – Take Steps to Build Resilience

Meet a FAIRCON21 Speaker: Seth Mowbray, Senior Analyst, GEHA, on FAIR for Operational Risk

Meet a FAIRCON21 Speaker: Josh Malnourie, Blue Cross Blue Shield North Dakota, on FAIR for Third Party Risk Assessment

FAIR Conference, Oct. 20: Jack Jones to Introduce FAIR-CAM™ to Quantify Effectiveness of Cybersecurity Controls

Beginner Webinar: How to Start a FAIR Quantitative Risk Analysis Program – Finding Data and Use Cases

After the Meris IT Botnet Attacks, Assess Your Risk from DDoS with FAIR Analysis

2021 FAIR Conference Agenda: IBM, Netflix, DHS, HPE on Staying Resilient in Tough Times – Plus, Jack Jones Releases FAIR Controls Analytics

Meet a Member: Phillip Mahan of Serta Simmons on Talking Risk to the Business in the Language of the Business

White Paper: Data Governance Practices for Cyber Risk Management

FAIRCON21 Becomes a Fully Virtual Conference

Meet a Member: Michael Rich of MPI on Growing His Own Quantitative Risk Management Program

Summer 2021 FAIR Book Club Ends with Advice on Risk Management and Metrics

Meet a Member Video: Marc Krevinghaus, Managing Director, MAKINSIGHTS, Bringing FAIR to North and South America

FAIR Institute Summer Book Club 2021 Part 5 - Techniques for Perfecting Risk Analysis

3 Ways FAIR Integrates with Your Existing Cybersecurity Programs

FAIR Terminology 101 – Risk, Threat Event Frequency and Vulnerability

Summer Book Club 2021 Part 4 – This Week, Key Skills: Scoping, Data Gathering, Reviewing Analysis

IBM’s 'Cost of a Data Breach Report 2021' Recommends FAIR Risk Quantification

Meet a Member: Tom Keogh, Square1 Risk, on How to Talk to Business Leaders about Quantitative Risk Management

Honoring Excellence in Information and Operational Risk Management: Submit Your Nominations for the 2021 FAIR Awards!

4 Small Steps to Get Started with Risk Quantification

Who Uses FAIR? Six Organizations Leading the Way on Cyber Risk Quantification

Summer Book Club Part 3 – Reading the FAIR Book on Analysis Process -- Plus: Answer Quiz, Win FAIR Swag!

Why Risk Teams Should Be Champions for Data Governance in Fintech Firms

Return of the Summer Book Club Reading the FAIR Book, Part 2: Basics of Risk Concepts and Measurement

Introducing the FAIR Wear Online Shop

Help Educate the Community: Submit Your Presentation Today to Speak at FAIRCON21!

ACCA Urges Accountants to Play a Leading Role in Assessing and Communicating Risk

Return of the FAIR Institute Summer Book Club – Let’s Read & Discuss the FAIR Book Together

Register Now for the 2021 FAIR Conference!

Prioritizing Cloud Security Controls Using FAIR

How to Quantify Total Cyber Risk for an IT Asset with FAIR

Watch this ISACA Webinar for an Introduction to FAIR Cyber Risk Quantification by the Two Jacks (Jones and Freund)

Daniel Kahneman’s Book 'Noise' Sounds the Same Alarms about Muddled Decision-Making as the FAIR Movement

SEC vs. First American Financial Sends a Message – Identify and Disclose Top Cyber Risk or We’ll Fine You

Watch the ‘Women in Cyber Risk’ Webinar on Building a Satisfying Career in Information Security and Risk Management

Been There, Done That: 5 Bits of Advice on Setting Up Your FAIR Risk Management Program from 6 Experienced FAIR Institute Members

Meet the Members: Tyanna Smith and Jack Whitsitt, FAIR Cyber Risk Managers at Datto, on How to Stop Talking in Circles about Risk

Senate Confirms Chris Inglis, Former NSA Deputy Director and FAIR Conference Speaker, to Be National Cyber Director

Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 2)

Analyze the Risk of Ransomware – 5-Step Guide for Quantitative Analysis

Milestones: 1,000 Achieve Open FAIR Certification, Boosting Careers in Cyber Risk Analysis, Risk Management and Cybersecurity

Considering FAIR? Listen to this CISO’s Journey to Quantification

Meet a Member: John Linford, Security Forum Director, The Open Group, on What's Ahead for the Open FAIR Standard

“What They Didn’t Teach You in FAIR School” – Ground-level Insights on Building a Successful Quantitative Risk Analysis Program from Jack Whitsitt

Save The Date for the 2021 FAIR Conference

Meet a Member: Sounil Yu, Creator of the Cyber Defense Matrix and CISO, JupiterOne, on Training Your Organization to Re-think Cyber Risk

Register for the Webinar - Women in Cyber Risk: Redefining the Future of Cyber Risk

Three Tips to Make Cyber Risk Quantification Work for Your General Counsel as Well

Meet a Member: Drew Simonis, Deputy CISO, HPE, on How Risk Analysts Can Connect with Business Leaders

Jack Jones Previews the FAIR Controls Analytics Model (FAIR-CAM) at the 2021 RSA Conference

Jack Jones on the Cybersecurity Executive Order: Bold Changes, but Missed Opportunity for Measuring Risk?

Watch the RSAC21 Seminar: Intro to Managing and Communicating Cyber Risk in Business Terms with FAIR

Meet the Members: Michael Lewis and Ashish Shah of Chevron on Bringing FAIR to the Oil and Gas Industry

FAIR Risk Terminology: ‘Vulnerability’ Is ‘Susceptibility’, the Open Group Says

Meet a Member: Chip Block, FAIR Institute Washington Chapter Lead and Pioneer FAIR Consultant, on Where the Quantification Movement Is Going

Risk-Based GDPR Compliance with FAIR – Q&A with European Chapter Co-Chairs Christophe Foret and Tom Callaghan of C-Risk

Meet a Member: Andy Retrum, Managing Director at Protiviti

Hacking the COVID Cold Chain: A Health Care Sector Example of FAIR

Risk Analysis and Worst-Case Thinking

Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 1)

FAIR Institute Events at RSA Conference 2021 – FAIR Training, CISO Success Stories, New Controls Framework from Jack Jones

FAIR Risk Basics: What Is Loss Magnitude?

Create a Forward-Looking Risk Register - Part 2 of Tony Martin-Vegue's 'Modeling the Vulnerability du Jour'

Lawfare Blog Post on Enterprise Cybersecurity Measurement Makes the Case for Integrating FAIR in a 'Modular' Defense

Jack Jones: State ‘Safe Harbor’ Laws Should Promote Effective Cyber Risk Management, Not Just Compliance with Frameworks

New FAIR Institute Member Tiers to Support a Growing Membership Base

Download a 4-Point Primer on FAIR to Share with Your Organization

“Un-FAIR” Attestations: Applying FAIR to Third-Party Risk Management

Meltdown, Spectre, Heartbleed - Risk Modeling the Vulnerability du Jour, Part 1: Framing

Meet a Member: Mary Faulkner, CISO at Thrivent, with Tips on Building Support in the Business for FAIR [Video]

Australia Holding Board Members Responsible for Cyber Risk Exposure – Sydney Chapter Co-Chair Denny Wan Explains How to Comply with FAIR

World Economic Forum Report Advises Boards of Directors to “Understand the Economic Drivers and Impact of Cyber Risk”

Watch Out for these 5 ‘Cyber Risk Quantification’ Methods. They Don’t Support Cost-Effective Risk Management

IBM Sponsors the FAIR Institute to Advance Best Practices in Cyber Risk Management

FAIR Institute Pres. Nick Sanna’s Message to SEC Nominee Gary Gensler: "Stop the Opaqueness of Cyber Risk Reporting"

Cybersecurity Risk, Fiduciary Liability and How to Manage Them from a Board’s Perspective

Meet a Member: Caleb Juhnke, Senior Cyber Risk Analyst, USDA

3 Foundational Videos from Jack Jones on What Is Risk, How FAIR Started, and How to Make a FAIR Quantitative Risk Management Program Work

So You Want to Be a Cyber Risk Analyst

What to Do After You Pitch Quantitative Risk Analysis

What the Texas Utility Disaster Says about Risk Management – with ‘Gray Rhino’ Author Michele Wucker

A Second Look at the Water Utility Hack in Florida with ICS Expert Mike Radigan

Video: How to Turn Your Risk Register Items into Risk Scenarios You Can Quantify with FAIR

Video: How Boards Exercise Proper Cyber Risk Oversight – Tips for Directors from the FAIR Conference

Cyber Insurance Market Is Tight. Protect Yourself with a FAIR Analysis, Says Chip Block

John Carlin, Pioneer of Risk Quantification in Government, Will Lead Cyber Law  Enforcement at Department of Justice

9 Bits of Advice from FAIR Experts for Faster, Better Cyber Risk Analysis

Gartner on Risk Management Post-Pandemic – More Uncertainty, Faster Digital Transformation

Jack Jones: The First 2 Moves Every New CISO Should Make

Video: See BCP Bank’s Mission Statement and Project Plan for FAIR Program Launch

En español: seminario web de caso de uso de la metodología FAIR (use case webinar in Spanish)

Discipline Employees for Email Data Breaches? You May Also Discourage Them from Reporting

CFO.com: FAIR Is “What Good Looks Like in Cybersecurity”

5 Steps to Improve Your Quantitative Risk Management Program in 2021

FAIR Beginner's Guide: What Do the Numbers Mean?

Common Sense: The Underrated Skill in FAIR Analysis

New ISACA White Paper Advises CISOs to Report Cyber Risk to the Board with FAIR

2021 Is the Year of Operationalizing Cyber Risk Quantification

Interview: Jack Jones Talks Lessons of 2020 – and New Research on Controls-to-Risk Mapping, Coming in 2021

FAIR Institute Top 12 Blog Posts of 2020

Video: How Netflix Rethinks Cyber Risk Analysis with FAIR (FAIRCON2020)

Be Prepared for 2021 – Start FAIR Risk Quantification Training Today with Our Best Prices of the Year

Enhancing HIPAA Risk Assessment with FAIR at Cambia Heath (FAIRCON2020 Video)

Video: How to Rapidly Triage Issues with FAIR to Focus on What Matters Most (FAIRCON2020)

Sponsored Webinar: New Capabilities from RiskLens Make FAIR Analysis Faster and Easier

Content not found

Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts