This year’s RSA Conference, Monday-Friday, March 4-8, in San Francisco, is a great opportunity to hear some of the world’s best thinkers and doers in and around the FAIR movement, and in advanced risk management techniques in general. Below are some of the key sessions, but it all starts with the FAIR Institute Breakfast Meeting, Wednesday, 8-11 AM, at the Courtyard by Marriott San Francisco, a short walk from the Moscone Center. FAIR model creator and FAIR Institute Chair Jack Jones will lead a discussion that includes case study presentations by ADP and Ascena Retail.
Get FAIR-trained just before RSAC19: Take the FAIR Analysis Fundamentals Course, Sunday and Monday, March 3-4, in San Francisco, to gain a foundational understanding of FAIR and prepare for the Open FAIR certification exam. Register now!
You have three more chances to hear Jack Jones: He will present “Defining a Cyber-Risk Appetite That Works” on Tuesday at 11 AM and Wednesday at 1:30 PM. Jack will “share a simple process for defining an unambiguous cyber-risk appetite that can drive better decision-making.” And Jack will join a panel discussion on “Managing and Quantifying Cyber Risk Across the Enterprise” at 3:15 PM Monday as part of RSA Public Sector Day.
Evan Wheeler, CISO at Financial Engines and one of the most lucid explainers of the FAIR model, will cover Data Breach or Disclosure: A Quantitative Risk Analysis, Wednesday at 8 AM. Learn more about Evan.
If you heard Marta Palanques and Steve Reznik of ADP speak at the 2018 FAIR Conference, you know they always impart actionable risk quantification techniques. They’ll discuss What Makes a Good KRI? Using FAIR to Discover Meaningful Metrics, Thursday at 8 AM. Watch a video of their FAIRCON presentation.
“For the past 25 years, network defenders have been doing risk assessments wrong. Qualitative risk matrices and heat maps are just bad science,” argues Rick Howard, CSO for Palo Alto Networks. Hear his talk, Superforecasting II: Risk Assessment Prognostication in the 21st Century, Tuesday at 11 AM. Rick credits the FAIR book (Measuring and Managing Information Risk) as a major influence.
Jack Freund, co-author with Jack Jones of the FAIR book and Director, Cyber Risk, at TIAA, will present with colleague Joel Amick, Director, Cyber Analytics and Data Science, TIAA, on Virtual Pen Testing Using Risk Models, a FAIR-based approach to modeling likely scenarios for compromise in your network. Wednesday at 2:50 PM. Read Jack’s writing for the FAIR Institute Blog.
Also, catch these sessions:
The Metrics Manifesto, 1 PM Tuesday, with Richard Seiersen, President, M-Cubed and co-author with Douglas Hubbard of How to Measure Anything in Cybersecurity Risk.
Finding the Right Answers—Facilitating Insider Threat Analysis Using OCTAVE, Tuesday, 2:20 PM, will cover the Software Engineering Institute (SEI) Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process that integrates with FAIR.
Movement Central: Attend the 2019 FAIR Conference, National Harbor, MD, September 24-25. Register now for the conference and the pre-conference training opportunity.