FAIR Institute Blog

Jack Freund

Dr. Jack Freund is a leading voice in Information Risk measurement and management with experience across many industry segments. His corporate experience includes spearheading strategic shifts in IT Risk by leading his staff in executing multimillion dollar efforts in cooperation with other risk and control groups. He is the co-author of "Measuring and Managing Information Risk: A FAIR Approach."

Recent Posts

NISTIR 8286 Second Draft: Strong Focus on Risk Quantification for Aligning Cyber and Enterprise Risk Management

Jul 30, 2020 7:42:00 AM / by Jack Freund, posted in Risk Management, Government

NIST has released a second draft of its groundbreaking NISTIR 8286 standard that provides a roadmap for organizations looking to better align cyber risk management with enterprise risk management functions.


NIST's Advice: Integrate Cyber Risk with Enterprise Risk Using FAIR™

Apr 28, 2020 2:49:31 PM / by Jack Freund, posted in Risk Management

NIST has released a draft document to help organizations align their cyber risk management operations with an enterprise risk management function.


Why NIST 800-30 and CVSS Are Not Enough for Effective Risk Management - Jack Freund

Apr 23, 2020 8:37:00 AM / by Jack Freund, posted in Risk Management

Many organizations look to NIST to help them construct their cyber security programs. Security frameworks, such as NIST CSF, are very popular for helping to ensure you’ve identified a complete list of necessary controls


ZombieLoad at the Gates - FAIR on Defense

May 16, 2019 10:00:00 AM / by Jack Freund

Intel revealed a new speculative execution vulnerability named ZombieLoad, yet another processor execution bug in the style of Spectre and Meltdown, which were made public in January of 2018.


The ‘Risk Therapist’ on Your Team: When It’s Time for an Intervention

Sep 25, 2018 11:22:40 AM / by Jack Freund, posted in FAIR

Far too many organizations approach their risk management operations using phrases such as “That risk feels high to me...” Since the end result of a risk assessment involves the assignment of a verbal risk label, those not practiced in quantitative risk management focus on the output and not the input--to their detriment.


Organizational Signals for Changing Risk Appetite

Aug 28, 2018 9:00:00 AM / by Jack Freund, posted in Risk Management

In 2015, the North Carolina Department of Transportation (NC DOT) completed the I-485 project it began in 1988. This delivered to Charlotte a 67-mile outer belt loop around the city that it had desperately needed. With the completion of the last 5.7 miles of the freeway, the NC DOT also declared that the speed limit would rise from 65 to 70 mph.


Concept Creep: Why Cyber Risk Problems Never Get Solved

Jul 27, 2018 1:48:32 PM / by Jack Freund, posted in FAIR

Managing risk professionally means managing our own cognitive biases to effectively represent the risk facing our organizations. Overcoming the biases that each one of us brings to an analysis is a challenge and the only way to effectively manage this is by being actively aware of our own limitations in our perception of reality.


KRIs for Cybersecurity: Canaries in Coal Mines

May 1, 2018 8:30:00 AM / by Jack Freund, posted in FAIR, Risk Management

For a long time, humans have used various organisms to help them detect dangerous environmental conditions. Animals used for this purpose are called ‘Sentinel Species’ by scientists -- the best example is the use of caged canaries to detect dangerous levels of carbon monoxide in coal mines.


How to Assess Quality in Cyber Risk Forecasting - Part 3

May 25, 2016 4:30:00 PM / by Jack Freund, posted in FAIR, Risk Management

In the first two posts of this series, we discussed the importance of building a threat library and risk rating tables followed by acquiring data to conduct analyses. In this final post, we will discuss analyzing the data and communicating it to management.


How to Assess Quality in Cyber Risk Forecasting - Part 2

May 18, 2016 8:30:00 AM / by Jack Freund, posted in FAIR, Risk Management

In my first post of this series, I focused on how to build a threat library and risk rating tables.
