FAIR Institute Blog

Five Questions the Board Should Ask the CISO

Primary vs. Secondary Loss in FAIR™ Analysis: What's the Difference and Why It Matters

How FAIR™ Can Help the US Federal Government Better Prioritize and Right-Size Its Cybersecurity Investments

ISACA Journal Case Study: ‘Building a Rock-Solid ERM Culture on FAIR™’

Webinar: Jack Jones on Changing Executive Priorities and Investments in Security with Risk Quantification

In Hard Times, Remember the 3 F’s of Quantified Cyber Risk Analysis

Sponsored Post: RiskLens Announces New Solutions to Keep Risk Under Control with Lower Security Budgets, Greater Challenges from COVID-19

Webinar: Jack Jones on Lessons for Cyber Risk from Military ‘Situational Awareness’

NIST's Advice: Integrate Cyber Risk with Enterprise Risk Using FAIR™

Why NIST 800-300 and CVSS Are Not Enough for Effective Risk Management - Jack Freund

Drawing FAIR™ Conclusions from Cyentia’s Information Risk Insights Study (IRIS)

Free FAIR™ Fundamentals Training for University Students and Professors

FAIR™ Institute Local Chapters Moving to Virtual Events to Continue Education on Cyber Risk Quantification

Watch These Videos of FAIR™ Experts from RSA Conference 2020

Amazon S3 Bucket Data Breaches – a FAIR™ Risk Analysis

FAIR™ Analysis Case Study Webinar: Decrease Risk from Employees Working at Home

Cyberspace Solarium Commission Proposes Amending Sarbanes-Oxley to Include Cybersecurity

Time to Review Your Insurance Protection with a FAIR™ Approach, Says Chip Block

Video: Jack Jones and ‘Gray Rhino’ Author Michele Wucker Talk Why We Don’t See Risks Coming

Vote Today: FAIR™ Nominated as “Cyber Risk Model of the Year” in the Advisen Cyber Risk Awards for Second Year in a Row

From a FAIR™ Institute Perspective, COVID-19 Isn’t a Black Swan. It’s a Gray Rhino

Meet a Member Podcast: Michael Kenney, Freddie Mac, Starting with FAIR™ from the Operational Risk Side

Jack Jones on How the COVID-19 Pandemic Is Likely to Affect Cybersecurity Programs

Poll: FAIR™ Institute Members Say Work from Home Will Be Top Risk Category in Business Continuity Planning

Video: How FAIR™ Cyber Risk Analysis Showed the Way to 3 Risk Reduction Wins for Fannie Mae

Podcast: Jack Freund on the Role for FAIR™ Risk Analysts in Business Continuity Planning for Coronavirus

Video: How Ascena Retail Transferred Millions in Risk to 3rd Party Vendors, and More Wins from Its FAIR™ Program

3 Key Values of FAIR™ Risk Analysis (and 3 Reasons Your Organization Should Use It)

You Attended the FAIR™ Seminar at RSA Conference 2020 – Here Are Next Steps to Start Your FAIR Program

Meet the Members Podcast: Paris Chapter Leaders Tom Callaghan and Christophe Foret, Co-Founders of C-Risk

Submit Your Presentation Today to Speak at FAIRCON20!

RSAC 2020 Report – Big Turnout for 2 FAIR Seminars, Breakfast Advice on Starting a FAIR™ Program from Jack Jones and Fannie Mae, Ascena Retail CISOs

Calibrated Estimation for FAIR™ Cyber Risk Quantitative Analysis - Explained in 3 to 4 Minutes

FAIR Institute Announces New Partnership with Cisco Systems, Inc.

Meet a Member Podcast: Alex Rogozhin, Building a FAIR™ Program Bottom Up at Truist

See You at RSA Conference 2020 with Many FAIR™ Events on the Agenda

Shopping for Cyber Loss Data

Meet the Members Podcast: Nathan Thomack and Nick Corzine, Launching the St. Louis FAIR™ Institute Chapter

'Why Is the Healthcare Industry Still So Bad at Cybersecurity?' Let's Start with Risk

Webinar on Demand: How Fannie Mae Integrates FAIR™ Cyber Risk Analysis and Threat Intel

4 Rules for a Successful Quantitative Cyber Risk Analysis

Meet a Member Podcast: Chris Golden, Director of Information Security at Horizon Blue Cross Blue Shield of New Jersey

Tips to Prepare for the Open FAIR™ Certification Exam

Cyber Risk Management Maturity Benchmark Survey Results Show Where There’s Room to Improve

NY Fed’s Dire Warning on Cyber Shock to the Banking System – Jack Jones’ FAIR™ Response

Frequently Asked Questions about FAIR™ Training

RSAC20 Seminar: A FAIR™ Approach to Cyber and Technology Risk Measurement

How to Combine NIST CSF and FAIR™ to Drive Better Cyber Risk Decisions – Watch this Webinar on Demand

COSO ERM’s Cyber Risk Guidance Recommends FAIR™ – Interview with ERM Authority James Lam

FAIR™ Fundamentals Training Course Is a Must-Do in 2020

Jack Jones’ 2019 Insights on Building a Cyber Risk Management Program – and Outrunning the Bear

Jack Freund’s Radical Proposal: Admit You Probably Will Get Breached

Geoji Paul of Centene and Nathan Thomack of Emerson on What to Expect in Your FAIR™ Journey

NIST CSF Adds FAIR™, Videos from FAIR Conference 2019, and More Top 5 Topics of Our Blog in 2019

Win Converts to FAIR™. Quote Jack Freund’s Manifesto in the ISACA Newsletter

2019 FAIR Institute Growth Leads to the Launch of Three New Local Chapters

FAIRCON19 Video: Integrating Cyber Risk into ERM with Experts from BlackRock, DTCC, Freddie Mac

Unprecedented Presence for FAIR™ and Cyber Risk Quantification Coming at RSA Conference 2020

FAIRCON19 Video: Managing Third-party Cyber Risk with RiskRecon, Horizon Blue Cross, and Cyentia Institute

(Video) Meet a Member: Robert Immella, Senior Information Security Risk Analyst, KeyBank

FAIRCON 19 Video: How MassMutual Closes the Risk Management Loop with FAIR™

3 Lessons We Learned from Our Introduction of FAIR™ at Swisscom

Save The Date and Secure Your Budget for the 2020 FAIR Conference!

Listen to the Webinar: 3 Steps to FAIR™ Program Success at Highmark Health

Register for the 2019 Risk Management Maturity Benchmark Survey Results Webinar

FAIRCON19 Video: Use Case Panorama – FAIR™ Practitioner Success Stories from BB&T, Swisscom, Fidelity Investments and Daimler Mobility

(Video) Meet a Member: Brandon Myers, Risk Management and Corporate Security Architect, Mastercard

NIST Maps FAIR to the CSF - Big Step Forward in Acceptance of Cyber Risk Quantification

FAIRCON19 Video: Tips on Building a Cybersecurity Program with a Risk Management Framework & FAIR

FAIRCON19 Video: CISOs from Fannie Mae, Highmark Health, Department of Energy, and Premise Health Talk FAIR Cyber Risk Quantification

(Video) Meet a Member: Daniel Davis, Security Analyst at Lyft

Second Thoughts on Secondary Loss in FAIR.  What Are Your Thoughts?

Federal Reserve Cyber Risk Workshop to Discuss FAIR in Charlotte, NC, Nov. 20, with Jack Jones on Panel

(Video) Meet a Member: Peter Higgins, Director, InfoSec Risk Management, Tyler Technologies

Watch the FAIRCON19 Video: Doug Hubbard on Overcoming the Myths of Cyber Risk Measurement

(Video) Meet a Member: Keith Weinbaum, Enterprise Risk Management Architect, Quicken Loans

Gartner’s John Wheeler: Many Organizations Using IRM and FAIR to Achieve ‘Techquilibrium’

Watch the Video from FAIRCON19: Perfecting a CISO Board Presentation with James Lam and Chris Inglis

Health IT Security Interviews Highmark Health’s Omar Khawaja on How FAIR Drives Security Processes

Watch the Video: Jack Jones FAIRCON19 Keynote “Risk Management Programs that Actually Work”

Watch the Video: Congressional Cybersecurity Leader Jim Langevin to FAIRCON19: “You Are Moving the Country to a Better Place”

(Video) Meet a Member: Annie Lavoie, Director, IT Risk Management, BDC

FAIRCON19 Media Coverage Gets the Message Out about ‘Rethinking Risk Management’

FAIR Institute Announces 2019 Winners of Annual Excellence Awards at FAIR Conference

FAIR Conference 2019 Day 2: Advice on 3rd Party Risk, Pitching the Board, ERM, IRM and Messy Data from Doug Hubbard, Gartner and More

FAIRCON 2019 Day One: Tips on Starting and Evolving a Risk Management Program from B of A, DOE, Quicken Loans and More

Jack Jones FAIRCON19 Keynote: "Enabling Risk Management Programs that Actually Work"

Jack Jones Honored with SC Media Reboot Leadership Award

All-in-One Matrix: Regulatory Compliance Risk Assessment Overview - Updated with NIST CSF + FAIR

No Time to Talk Cyber Risk, Senior Executives Say

See You at the 2019 FAIR Conference Next Week (a Few Seats Still Available)

Creating a Cyber Risk Intelligence Framework with FAIR – Jack Freund in ISSA Journal

‘How to Measure Anything’ Quantification Expert Douglas Hubbard to Speak at 2019 FAIR Conference

FAIR Institute Briefs Congressional Staff at ‘Cyber Day on the Hill’

Three Reasons You Should Get FAIR Certified

Jack Freund in ISACA Blog: Stop Telling Yourself Risk Management Stories

Managing a Cyber Risk Program in an Ever-Evolving Threat Landscape

NIST CSF and FAIR Integration at Cimpress Called “Success Story” by NIST

FAIR Book Co-Author Jack Freund’s Advice on 3rd Party Risk in New ISACA White Paper

Participate in the 3rd Annual 2019 Risk Management Maturity Benchmark Survey

Congressional Cybersecurity Leader Rep. Jim Langevin to Speak at 2019 FAIR Conference

5 More People You’ll Meet at the 2019 FAIR Conference in September

FedScoop: “Increasingly, Federal Agencies Are Joining Industry” in Cyber Risk Quantification

Jack Jones: Quit Blaming Executives for Cybersecurity Problems

Why the FAIR Model…A 4-Point Primer on FAIR to Share with Your Organization

Aggregating Expert Opinion: Simple Averaging Method in Excel

Protiviti Joins FAIR Institute as Founding Sponsor in Advisory Services to Advance the Use of Risk Quantification

[Video] 4 Tips for Starting Your FAIR Program from Musso Shaikh of Fannie Mae

FAIR Institute Launches FAIR Enablement Program

Capital One Breach Shows Cybersecurity Is “Lost in Noise”,  Jack Jones Tells New York Times

GAO Grades Federal Agencies ‘Fail' on Cyber Risk, Accelerating Movement to FAIR

3 Tips on How to Talk to SMEs about Cyber Risk Quantification

Targeting Cybersecurity Investment - a FAIR Approach

‘Healthcare Innovation’ Profiles Highmark FAIR Program: ‘Cybersecurity and Business Align’

Aggregating Expert Opinion in Risk Analysis: An Overview of Methods

FAIR Beginner's Guide: What Do the Numbers Mean?

Meet a Member Podcast: Simone Petrella, CEO, CyberVista, and New FAIR Institute Board Member

Quantifying the Value of Cybersecurity in Dollars & Cents: FAIR Institute and CyberVista CISO Breakfast Meeting at Black Hat

7 People You Will Meet at FAIRCON19

A FAIR-Based Cyber Insurance Claim

[Video] Overcoming 3 Challenges in Your FAIR Risk Analysis Program: Robert Immella, KeyBank

Evaluating Data Retention Risk from GDPR Using FAIR

How to Build a Quantitative Risk Management Program with FAIR – FAIRCON19 Sessions Preview

How You Can Become a FAIR Champion in 5 Steps

FAIR Breakfast Case Study: LPL Financial Realigns Risk Management around FAIR (Video)

3 Tips on Evaluating Cyber Insurance with the FAIR Model

Download 'Understanding Cyber Risk Quantification: The Buyer’s Guide' by Jack Jones

Meet a Member Podcast: Christopher Porter, CISO at Fannie Mae and FAIR Institute Board Member

Honoring Excellence in Information and Operational Risk Management: Submit Your Nominations for the FAIRCON19 Awards!

Meet a Member Podcast: Tim Titcomb, VP, Technology Risk, at Fidelity Investments

Take a Listen to this Webinar: Combining NIST-CSF and FAIR, Quantifying Risk to Drive Better Decision Making

How a Risk Analysis Scope Gets Off Track (and How to Fix It)

Video: Jack Jones Tells Enterprise Security Weekly Infosec Makes Risk Management Harder than It Has to Be

The Economic Impact of ICS Vulnerabilities

3 Steps to Improving IT Hardware Lifecycle Management with FAIR

There's More than One Bear...

ZombieLoad at the Gates - FAIR on Defense

Meet Donna Gallaher, New FAIR Institute Board of Advisors Member and Atlanta FAIR Chapter Leader

The FAIR Institute Launches the Enterprise Membership Program

How to Hire a FAIR Cyber Risk Analyst

How to Start a FAIR Program? Start Small

3 Remedies for Analysis Paralysis

What Makes a Good KRI? Steve Reznik of ADP on Better Metrics through FAIR [VIDEO]

Good or Lucky? 3 Questions to Ask When Cyber Risk Analysis Shows Low Risk

Define Your Company’s Appetite for Risk with FAIR Analysis

3 Ways to Improve Identifying Your Cybersecurity Risks

Vote Today: FAIR Nominated “Cyber Risk Model of the Year”

3 Tips for Making Your IT Audit Job More than Compliance

Meet a Member Podcast: Amjed Saffarini, CEO, CyberVista, Bringing FAIR to the Boardroom

New Standards in Cyber Risk Oversight: Board of Directors Dinner in DC on Sept. 23, 2019

Reserve Your Seat Today for the 2019 FAIR Breakfast Meeting, National Harbor, MD

Three Critical Skills Used by FAIR Risk Analysts

Meet a Member Podcast: Jim Robert, Fidelity Investments, FAIR Institute New England Co-Chair

Cure Your Risk Analysis Paralysis: Balance Accuracy and Precision

3 Ways to Game the System with Qualitative Cyber Risk Analysis (Don’t Do It)

[Video] From the FAIR Breakfast at RSAC, 3 Tips on Introducing FAIR to Your Organization

Meet a Member Podcast: Roland Cloutier of ADP, FAIR Pioneer

Infosecurity Magazine on Jack Jones’ Approach to Risk Appetite: “Draw a Line in the Sand”

FAIR Institute Named One of 'Most Important Industry Organizations of the Last 30 Years' in 2019 SC Awards

Meet 3 FAIR Institute Members from Visa, Scotts Miracle-Gro, and HomeStreet Bank [Video]

Meet a Member Podcast: Jack Freund of TIAA, Co-author of the FAIR Book

Apply Today: Submit your Presentation for FAIRCON19

FAIR Institute Celebrates 3 Years of Changing the Risk Management Industry

Be a Master Chef of Cyber Risk: Whip Up an Analysis from a Few Ingredients

Jack Jones: How Much Risk Does that Risk Represent?

4 Tips to Reality-Check a FAIR Quantitative Risk Analysis

Prepare for Disruption: ERM Expert James Lam’s Advice to Board Directors

At RSAC 2019, Hear Jack Jones and More Leaders in the Cyber Risk Quantification Movement

Security Exception vs. Risk Acceptance: What's the Difference?

FAIR Institute’s Maturity Survey Results Suggest Where Your Organization Can Improve on Cyber Risk Management

Meet 3 FAIR Institute Members from Raytheon, Allstate and Pacific Northwest Laboratory [Video]

Help Us Build a Better FAIR Institute Blog for You. Take This Short Survey

Risk Measurement vs. Risk Blarney in Cyber Analytics

3 Key Metrics in Cyber Risk Analytics

Analyzing Privacy Risk Using FAIR

Upcoming FAIR Institute Events in 2019!

FAIRCON18 Video: Catastrophic Cyber Risk Modeling with FAIR

How a CISO Uses FAIR with NIST CSF to Manage Cyber Risk Across Business Units

The Year Ahead in Cyber Risk: 5 Predictions for 2019

SEC Cyber Risk Disclosure Guidance, KRIs for Cybersecurity, Risk Trends for Boards – Most Popular FAIR Institute Blog Posts of 2018

FAIRCON18 Video: How to Identify Key Risk Indicators (KRIs) for Cybersecurity

FAIR Institute Surpasses Expectations in Reaching 4,000 Members in 2018

[Video] FAIRCON18 Panel: Optimizing Cyber Insurance Coverage with FAIR

[Video] FAIRCON18 Panel: How to Get Buy-In for a Quantitative Risk Program

RSVP Today for the 2018 Risk Management Maturity Benchmark Survey Results Webinar

FAIRCON18 Video: A Master Class on Reporting Cyber Risk to the Board

[Video] FAIRCON18 Table Top Exercise: Pay or Not Pay on Ransomware?

Reserve Your Spot Today: FAIR Institute Breakfast During the 2019 RSA Conference

FAIRCON18 Video: Walmart, Cisco, Ascena on ‘Shifting the Discussion to Cost-Effective Decision Making’

13 Reasons Why Heat Maps Must Die

[Video] FAIRCON18 Case Study: Walmart Extends FAIR from Cyber to Operational Risk

Meet a FAIR Institute Partner: Cindy Donaldson, Global Resilience Federation (GRF)

[Video] FAIRCON18 Panel: How FAIR and TBM Work Together to Show the Business Value of Cybersecurity

[Video] FAIRCON18 Panel Explains How to Bridge the Gap Between CISO and CRO

[Video] James Lam’s FAIRCON18 Keynote on ERM, Cybersecurity Oversight and Cyber Risk's Future

A 'Kobayashi Maru' Exercise for ISO31000 Risk Analysis

What Drives Value in Cyber Risk Reporting? 2018 'Cyber Balance Sheet' Answers

[Video] Jack Jones FAIRCON18 Keynote: “Too Often We Fall Back on Easy Answers”

Clarifying "Upside" and "Positive" Risk

Qualitative vs. Quantitative Analysis for Cyber Risk: What’s the Difference?

Wall St. Journal Says ‘FAIR Is Gaining Traction’ in Cyber Risk Analysis

My Top Moments from FAIRCON18 (Photo Gallery)

'Assessing Cyber Risk in Federal Government' – The Inaugural FAIR Institute Federal Government Chapter Breakfast Meeting

FAIRCON 2018 Wrap: Tips on Board Reporting, Cyber Insurance Buying, CISO & CRO Relating

2018 FAIR Awards Honor Risk Management Leaders Jason Ha of PwC, Jack Freund of TIAA and Omar Khawaja of Highmark Health

FAIRCON 2018 Day One: Risk Management Tips from Highmark Health, Walmart, PNC – And a Party at the Warhol

FAIRCON 18 Keynote: Jack Jones Leads the Way to ‘The Next Frontier in Risk Management’

Webinar: Operationalizing FAIR in Your Organization with RiskLens

The Rapid Rise of Cyber Fines Makes FAIR More Important Than Ever

See You in Pittsburgh for FAIRCON 18 Next Week

Announcing the FAIR Institute Chapter in South Africa

7 Steps to Start Risk Assessment – Advice from 3 FAIR Experts in Dark Reading

Jack Jones on the Big Breach: Facebook May Pay but Should They?

The 3 Problems with RCSA & How to Overcome Them with FAIR

FAIR Conference 2018 Will Be 'Movement Central' for Cyber Risk Economics

The ‘Risk Therapist’ on Your Team: When It’s Time for an Intervention

Jack Jones to Speak at NIST Cybersecurity Risk Management Conference

FAIR Institute Announces Finalists for 2018 FAIR Awards

New White Paper by Jack Jones: ‘Managing Cybersecurity Surprises’

Meet Our New Board Member: Zulfikar Ramzan, CTO at RSA Security

Quantify Risk, Baby

How to Use FAIR to Optimize Your Cyber Insurance Coverage

Learn Your Cyber Risk ‘Jobs to Be Done’ at the FAIR Conference

Kim L. Jones Joins FAIR Institute Board, with “Renaissance” Cyber Background

Are You Ready to P(Art)y at FAIRCON18?

Organizational Signals for Changing Risk Appetite

FAIR and IRM Take Center Stage at the RSA Archer Summit

10 Interesting People You Will Meet at FAIRCON18

Announcing Loss Exceedance Charts in the FAIR-U Training App

Take the 2018 Risk Management Maturity Benchmark Survey!

Heat Maps Don’t Support ISO 31000

When Every Risk Is “Medium”

FAIR Institute Partners with CyberVista for Board Director Education

Jack Jones Warns About “False Sense of Security” in Homeland Security

Quantitative Risk Analysis: Just Guesswork with Numbers?

Top 3 Books for New Risk Analysts

Banks Move to FAIR for FFIEC Cybersecurity Risk Assessments

Control Deficiencies Are NOT Risks

Case Study: Demystifying ICS Cyber Risk with FAIR

Concept Creep: Why Cyber Risk Problems Never Get Solved

Fight Your Fear of Forecasting Loss

Gartner Endorses Risk Quantification as Critical to Integrated Risk Management

How to Filter Out ‘Fake Risks’ from Your Risk Register

Announcing the FAIRCON18 Agenda!

Jack Jones in 'Dark Reading': Loose Talk on ‘Risk’ Damages Infosec Profession

FAIRCON18 Awards: Submit Your Nominations Today

IMF Chief Says Finance Sector Urgently Needs Cyber Risk Quantification

Improve Your Resume with Open FAIR Certification (and Save on FAIR Training)

Does NIST CSF 1.1 Endorse Risk Quantification and FAIR?

Learn FAIR Risk Analysis for Process Control from The Open Group

Meet a Member: Grant Bourzikas, CISO and “Customer Zero” at McAfee

Jack Jones and James Lam on NACD Blog: “Get the Right Cybersecurity Reports”

Our Addiction to "Zero Cost" Risk Measurement

OCTAVE FORTE and FAIR Connect Cyber Risk Practitioners with the Boardroom

FAIR Adoption Soars as 3,000 Members Milestone Is Hit

Sharpen Your Cyber Risk Analytics Skills with These Two Techniques

Expert Tips on Adopting FAIR from Our Breakfast Meeting at Gartner

Warren Buffet's Information Security Advice

4 Reasons You Must Define an Asset for FAIR Risk Analysis

Is FAIR a Value-at-Risk Model?

Meet a Member: Omar Khawaja, Introducing FAIR to Highmark Health

In a FAIR Risk Analysis, Don't Collect Data till You Scope

Webinar: Solving the Third-Party Risk Equation at Scale

How to Use DREAD Analysis with FAIR

Should Boards Establish a Separate Risk Committee?

[Webinar on Demand] Crowdsourced Probability Estimates for Cyber Risk Analysis

[Video] FAIR Breakfast at RSAC: Jack Jones on “The Blueprint” for FAIR Program Success

RSA CTO: “People Are Beginning to Think about Security in Risk Terms”

FAIR Institute’s New Cyber Risk Analyst Job Board on Link

A Question of CISO Focus: Technology or Business?

Cyber Risk Is New but FAIR Analysis Applies Time-tested Techniques

KRIs for Cybersecurity: Canaries in Coal Mines

FAIRCON18 Early Bird Pricing Ends May 18 - Don't Miss Out

FAIR Pros Wrap Up RSAC18: The Year of Risk Awareness

Reserve a Spot: FAIR Institute Breakfast at Gartner Security & Risk Management

RSAC 2018: FAIR Among the “Silver Linings” After a Bad Year for Cybersecurity

Finding Your Goldilocks Moment in Cyber Risk Analysis

“From No Data to Drowning in Data – A Reality Check”: Jack Jones Speaks at RSA

How to Model Controls in a FAIR Risk Analysis

FAIR Institute Expands Education Partnerships

RiskRecon to Sponsor the FAIR Institute

FAIR Institute Events at the 2018 RSA Conference

Webinar on Demand: Jack Jones' Tips on SEC Cybersecurity Guidance

Who (or What) Is Really a “Cyber Threat”

Jack Jones Webinar on SEC Cyber Risk Disclosure Guidance: The FAIR Advantage

3 Tips for Better Risk Analysis Reporting

Marketing FAIR to Your Organization

Webinar: FAIR Univ. Curriculum for Next-Generation Cyber Risk Executives

Black Swans in Risk: Myth, Reality and Bad Metaphors

The SEC's New Cyber Risk Disclosure Guidance: Textbook Case for FAIR

The Skeptic's Guide to Cyber Risk Surveys

Is Cyber Risk Measurement Just Guessing? Part 3 (of 3)

FAIR Institute Shaping the Future of Risk Management as It Celebrates 2nd Anniversary

Now Accepting Speaker Submissions for FAIRCON18

Meet a Member: Jason Ha of PwC, Chair of the New FAIR Chapter in Melbourne

Measuring Reputation Loss (and Gain) with Andrea Bonime-Blanc

The SEC’s Cybersecurity Guidance: The Rise of the Investor in the Discussion

Five Critical Cybersecurity Trends that Boards Need to Know

Report from SIRACon: Data + Quantification Beats Dogma

Meet a Member: La'Treall Maddox of Cisco, Co-Chair of New FAIR Chapter in NC

Coming Soon to the FAIR Institute: A New and Improved Member Resources Platform

Join Us on Feb. 23: FAIR University Curriculum Virtual Panel Webinar

Announcing the 2018 FAIR Conference at Carnegie Mellon University

For Better Risk Assessments in SSAE 18 Audits, Try Quantification with FAIR

Is Cyber Risk Measurement Just Guessing? -- Part 2

Webinar: Cyber and the Law (It's Really About the Money)

Key to Success in Risk Analysis? Trust the (FAIR) Process

3 Risk Identification Questions You Should Be Asking

Save the Date: FAIR Institute Breakfast at RSA Conference 2018

Pressing for FAIR: Our Comments and Recommendations on NIST CSF 1.1

The 3 Most Confusing Risk Analysis Terms

3 Ways to Gather Loss Magnitude Data (from Your Cubicle)

How to Analyze Your Risk from GDPR: A FAIR Approach

To Bring Value in a Risk Analysis, Tell a Story and Provide a Solution

How Board Members Can Improve Cyber Risk Oversight in 2018

Ponemon Report on the True Cost of Compliance -- A Missed Opportunity

Jack Jones Looks Forward into 2018 for Cyber and Technology Risk

Year in Review: The FAIR Institute in 2017 [Infographic]

Jack Jones: Is There One Best Risk Metric? [Part 1]

Santa’s Naughty and Nice List for Risk Registers

Just Released: FAIR-U Training Demo Video

Video: How to Balance Risk Management with Regulatory Compliance

4 Tips to Prepare for the Open FAIR Certification Exam

Meet a FAIR Institute Member: Osama Salah, Founder of the Abu Dhabi Chapter

Announcing the FAIR Institute Abu Dhabi Chapter, First in the Gulf Region

4 Key Things FAIR Can Do for Your Organization

Coming Dec. 5: Risk Management Maturity Benchmark Webinar

Video: How to Convince and Convert Your Organization to FAIR

Video: CISOs and Board Members Talk Closing the Communication Gap

Announcing the 2017 Cyber Risk Management Maturity Benchmark Survey Report

Loss Event Frequency Explained in 3 Minutes [Video]

Memoir of My Love Of-FAIR

What Metrics Matter in Risk Management? [Video]

When Non-Compliance Is A-OK [Video]

Jack Jones Interview on the Future of Risk Management [Video]

Standards Groups and Regulators Recognize FAIR

A 6-Step Guide to Becoming FAIR Trained

Q&A: Teaching FAIR to “Security Warriors” at Arizona State University

FAIR Conference 2017: Highlights from the Sessions

Now Available: Practice FAIR with Our Free Training App

A Crash Course on Capturing Loss Magnitude with the FAIR Model

ADP's Roland Cloutier and Bank of America's David Sheronas Honored with 2017 FAIR Awards

Jack Jones’ Top 10 Blog Posts

AML & Sanctions Compliance: Top Operational “Risks” for 2017? – Part 3

Hot Job: Data Protection Officer for the EU’s GDPR

FBI’s Donald Freese Praises FAIR Approach at (ISC)² Security Congress

Case Study: NIST Digital Identity Guidelines and FAIR “Made for Each Other”

Coming Soon: Try FAIR Risk Quantification on Our Free Tool

'Vulnerability' in Risk Analysis, Explained in 2 Minutes [Video]

Q&A: Jack Jones Talks with the Global Association of Risk Professionals (GARP)

Last Chance for the Best Deal at FAIRCON17!

Announcing the FAIR University Program - Building the Next Generation of Risk Management Leaders

4 Tips for Running Risk Analysis Meetings

Is Cyber Risk Measurement Just "Guessing"?

10 Interesting People You’ll Meet at the 2017 FAIR Conference

Benchmark Your Risk Management Team - Take Our Survey

Inherent Risk vs. Residual Risk Explained in 90 Seconds

3 Ways to Get a Risk Analysis Project Off to a Bad Start

Meet a FAIR Institute Member: Wade Baker

A FAIR Budget for Disaster Preparedness

FAIRCON17 Awards: Nominate Your FAIR Champions

Control Assessments Are Not Risk Assessments

Risk Analysis vs. Risk Assessment: What's the Difference?

The Cybersecurity Social Contract: Q&A with Larry Clinton

Missing the Mark on Risk Analysis Without ALE

Where to Find Risk Scenarios to Analyze

Video: What Is Risk? The Bald Tire Scenario [Updated]

FAIR Is Banks 'Most Commonly Used Approach to Quantifying Cyber Threats', says Risk.net

Meet the On-site FAIR Training Instructors of FAIRCON17

Take the 2017 Risk Management Maturity Survey

A FAIR View of Risk Appetite - Part 4 (finally!)

Anatomy of a FAIR Risk Analysis: Confidential Data in Email

5 Things You'll Learn at FAIRCON17

Secrets to Gathering Good Data for a Risk Analysis

Bank CISOs Debate FAIR in Risk.net Article

The Problem with Ransomware Risk Data

Ransomware Risk: Setting Up a FAIR Analysis

Announcing the FAIRCON17 Agenda

New Studies on FAIR for Threat Intelligence, Patient Information from The Open Group

Measuring Reputation Damage in Cyber Risk Analysis - Part 1

Toward a FAIR Notion of Criticality

How Are Risk Treatment Decisions Delegated?

Think You Know Basic Risk Concepts? Take a FAIR Challenge

Announcing the FAIR Institute Chapter in Paris

Meet a FAIR Institute Member: Evan Wheeler

Implementing NIST CSF? Read This First

5 Essentials for a Good Rationale in Risk Analysis

3 More Must-Read Books to Jumpstart Your Career in Risk Management

What Makes a Good Risk Analyst?

4 Most Forgotten Forms of Loss in a Risk Analysis

Metrics? What Metrics? Finding the Missing Link to the NIST Cybersecurity Framework

Cyber Economics: Smarter (vs. More Expensive) Cybersecurity

How to Show Due Diligence to Regulators in a Personal Health Information (PHI) Data Breach

Call for Speakers at FAIRCON17

FAIRCON17 Ticket Registration Now Open

Smart Risk Assessment Starts Here: The Privacy Office

How to Delegate Risk

FAIR On-A-Page: Same Great Model, Fresh New Look

Measuring Cyber Risk Requires Two Models, Not One

Meet a FAIR Institute Member: Bill Barouski

Risks from Regulations: Top Operational 'Risks' for 2017? – Part 2

How to Deal with "Data Challenged" Risk Analyses

'Risk Appetite' vs. 'Risk Tolerance'. What’s the Difference?

Save the Date: 2017 FAIR Conference in Dallas, TX!

5 Habits for Highly Effective Risk Analysis

Using Historical Data

Meet a FAIR Institute Member: Tony Martin-Vegue

Survey Shows How CISOs Fail to Communicate to Boards – And How to Fix It [Infographic]

No Data? No Problem

Internet Security Alliance (ISA), FAIR Institute File Joint Comments on the Proposed 1.1 Update to the NIST Cybersecurity Framework

Pro Tip for FAIR Risk Scenario Analysis: Map It

Join a FAIR Analysis in Action at the Operational Risk Workgroup Meeting April 11

Jack Jones Risk Summit Message: Focus or Fail

What Belongs in a Risk Register?

How FAIR Can Ensure The Success of COSO Risk Management Programs

How to Spot Data Breaches in Audit Trails?

An Immature Maturity Model?

Top Operational “Risks” for 2017?  –  Part 1

Breaking Risk Paradigms with FAIR

How to Think About Likelihood, Probability and Frequency

RSAC 2017 – The Year of Risk

Interval Estimation – Play a Game You Can Win

[Video] "The Characteristics of a Risk-Aligned Leader" by FAIR Author Jack Jones

The FAIR Institute Reaches 1000 Members On Its First Anniversary

Triaging Risk: A Year In The Life Of OpenFAIR - Part 2

[VIDEO] How Risk Quantification Changed A Government Agency's Approach to Decision-Making

Teaching FAIR to College Students

Triaging Risk: A Year In The Life Of OpenFAIR

Connect With Jack Jones At RSA Conference 2017

Take Another Look at Inherent Risk

Jack Jones Teaches FAIR In (ISC)² Webinar

Meet Jack Jones while at the RSA Conference on February 15th

Improving How Cyber Risk Is Reported to the Board

A FAIR Risk Analyst's Take on the NIST CSF 1.1 Draft Update

Cyber Risk Workgroup Discusses "Clarifying Risks"

What Is Vulnerability?

What is Open FAIR™ and Who is The Open Group?

Examining a Defense of NIST 800-30

Calling for FAIR Institute Blog Contributors

[White Paper] A Clarification of "Risks"?

Mark Your Calendar: FAIR Institute Breakfast in San Fran on Feb 15, 2017

Mark Your Calendars For 2017 Cyber Risk Workgroup Calls

Fixing NIST 800-30

FAIR Institute Blog Year-End Roundup

How Do NIST 800-160, Risk Quantification and FAIR Align?

FAIR Insurance Workgroup Announces Group Projects Around FAIR For Insurance Industry

A Different Definition of Risk Management?

Intelligent Adversaries

What About "Positive Risk"? - Part 2

Video Now Available: What's Up In The Boardroom & Conference Highlights

What About "Positive Risk"? - Part 1

Video Now Available: How to Build a Quantitative Risk Management Program

Video Now Available: Measuring DDoS Risk Using FAIR

FAIR Expert To Address ISACA Toronto Chapter On Taking Risk Measurement Seriously

Video Now Available: How To Effectively Communicate About Information Risk To The Board And The Business

Video Now Available: The Future of Information and Operational Risk Analysis

You Can Lead A Horse To Water...

Video Now Available: Presenting The Top 10 Risks To The Board

Takeaways from the Inaugural FAIR Conference 2016

Federal Reserve, OCC, FDIC Proposed Cyber Risk Management Standards Enhancements

[White Paper] Effectively Leveraging Data in FAIR Analyses

Press Release: Chris Cooper (RGA), Joel Baese (Walmart), Named FAIR Awards Winners At Inaugural FAIR Conference Today In Charlotte

Follow Us On Twitter During The FAIR Conference

Leveraging FAIR For Making Effective Cyber Insurance Decisions

Who Should Be Fired?

Press Release: Jack Jones, Jeffrey Kutler to Keynote Inaugural FAIR Conference Oct. 14 at Wake Forest University Charlotte Center

Join The New Cyber Risk Workgroup at the FAIR Institute

There's No Such Thing As Reputation Risk

Press Release: FAIR Institute Announces Inaugural FAIR Conference (FAIRCon), Friday Oct. 14, Uniting Leaders in Information and Operational Risk Management

Enterprise Risk Standards – Where does FAIR fit in?

Using FAIR to Analyze Project-Related Risk - Part 1

New FAIR FAQ Available

Nominate Your FAIR Champions

Jack Jones to Present Case Study on 'Quantifying Cloud Risk' at (ISC)² Security Summit

Dealing With Unknowns In Risk Analysis - Part 2

How to Make a Business Case for Security Training

Dealing With Unknowns In Risk Analysis

Time To Register For FAIR Conference 2016

Press Release: Two Cybersecurity Standards Come Together to Help Organizations Quantify and Prioritize Risk

Students Are Thinking Critically And Gaining New Skills Using Open FAIR

Video: Joining The FAIR Institute As A Student

NIST CSF & FAIR - Part 5

FAIR Institute Profiled By Global Association Of Risk Professionals

Beginning Your Operation Risk Journey with FAIR

Why The Business Should Own Cyber Risk?

Video: Can FAIR Inform Decision Making Around Public Policy?

A FAIR View of Risk Appetite - Part 3

Video: Why Organizations Are Failing At Prioritizing Information Security

5 Must Read Books to Jumpstart Your Career in Risk Management

Life's Uncertainties And The Risk Analysts

A FAIR View of Risk Appetite - Part 2

Video: Introducing the FAIR Academics Workgroup

How Difficult is FAIR to Use?

The Dangers of Being a Cubicle Risk Analyst

FAIR Institute Operational Risk Workgroup: Using FAIR to Understand Operational Risks

Save The Date For The 2016 FAIR Conference

Using FAIR to Manage Operational Risk

A FAIR View of Risk Appetite - Part 1

How to Assess Quality in Cyber Risk Forecasting - Part 3

FAIR Institute Insurance Workgroup: Quantifying Cyber Exposure

FAIR Author, Jack Jones, To Keynote ISSA's Cornerstones of Trust Conference

How to Assess Quality in Cyber Risk Forecasting - Part 2

How to Assess Quality in Cyber Risk Forecasting - Part 1

Video: A FAIR Case Study From Bank of Montreal

Using the FAIR Model to Measure Inherent Risk

How to Prepare for the Open FAIR Certification Exam

NIST CSF & FAIR - Part 4

NIST CSF & FAIR - Part 3

Video: How Was FAIR Started?

How Expected Loss Can Be a Misleading Estimate of Risk

Survey Suggests Confusion Reigns About What Risk Is

What Exactly Is a Risk Decision?

FAIR Book Inducted into the 2016 Cybersecurity Canon

NIST CSF & FAIR - Part 2

How to Bridge the Gap Between Qualitative and Quantitative Risk Analysis

How Threat Intelligence Can Help Third Party Risk Assessments

What Is the Right Level of Precision for Aggregate Risk Analysis?

Order of Magnitude Risk Estimations

How Threat Intelligence Can Drive Risk Analysis

Threat Capability and Resistance Strength: A Weight on a Rope

NIST CSF & FAIR - Part 1

How Threat Intelligence Fits Within Risk Management

Overcoming Obstacles to Risk Quantification - Part 3

FAIR Lessons in Public Safety

Introduction to Threat Intelligence and Risk Management

How Infosec Maturity Models Are Missing The Point

Overcoming Obstacles to Risk Quantification - Part 2

The Inevitable Marriage Between Threat Intelligence and Risk Assessment

Actions Speak Louder Than Words: What is Tactical Risk Analysis?

Overcoming Obstacles to Risk Quantification - Part 1

[PODCAST] How to Apply Socratic Thinking to Build Defensible IT Security Investments

Best Approach to Prioritizing Risks - Part 5

The Pitfalls of Mixing and Matching Risk Models

Unknown Unknowns

Best Approach to Prioritizing Risks - Part 4

Learn from Jack Jones at the RSA Conference

Best Approach to Prioritizing Risks - Part 3

What Is a Cyber Value-at-Risk Model?

Free Open FAIR Seminar - Learn about Quantitative Risk Analysis

Best Approach to Prioritizing Risks - Part 2

How Was FAIR Started?

Who is the Author of FAIR?

Best Approach to Prioritizing Risks - Part 1

3 Key Steps to Scoping a Risk Analysis

How to Communicate Cyber Risk to the Board

How to Measure Aggregate Risk

The Open Group Conference – How to Quantify Information Risk Through the Open FAIR Standard

Comparing Security Budgets

Appropriate funding

The Role of Critical Thinking

Risk Models Matter


Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts