FAIR Institute Blog

Jack Jones

Jack Jones

Recent Posts

Why Cyber Risk Quantification (CRQ) Demos Aren't Enough

[fa icon="calendar'] Aug 2, 2022 2:44:24 PM / by Jack Jones posted in Jack Jones

[fa icon="comment"] 0 Comments

Imagine that you’re looking for an encryption solution.  There are many providers on the market, all of whom use one of the well-vetted public encryption standards.  But let’s imagine there’s a new player in the market — one that claims to have a vastly improved, but proprietary, solution. 

Read More [fa icon="long-arrow-right"]

Attacking FAIR - A Reply by Jack Jones

[fa icon="calendar'] Jul 27, 2022 5:42:49 PM / by Jack Jones posted in FAIR, Jack Jones

[fa icon="comment"] 0 Comments

It was bound to happen.  For years, Factor Analysis of Information Risk (FAIR™) was, for all intents and purposes, the only Cyber Risk Quantification (CRQ) model out there.

Read More [fa icon="long-arrow-right"]

Jack Jones Rebuts ‘FAIR Fatigue’, an Article Filled with Misrepresentations of Factor Analysis of Information Risk (FAIR), the Standard for Risk Quantification

[fa icon="calendar'] Jul 11, 2022 3:50:04 PM / by Jack Jones posted in FAIR

[fa icon="comment"] 1 Comment

It’s not often that I’m surprised by someone’s actions on the Internet, but I’ll admit to being surprised today.

Read More [fa icon="long-arrow-right"]

Jack Jones: Automating Cyber Risk Quantification (Part 5 of 5)

[fa icon="calendar'] May 10, 2022 7:45:00 AM / by Jack Jones posted in Jack Jones, Jack Jones on Automating CRQ

[fa icon="comment"] 0 Comments

In the previous post, I provided examples of some controls-related data that can’t be used to support automated cyber risk quantification (CRQ).  But the news isn’t all bad.  There are some data that can be used to support CRQ.

Read More [fa icon="long-arrow-right"]

Jack Jones: Automating Cyber Risk Quantification (Part 4 of 5)

[fa icon="calendar'] May 3, 2022 1:50:19 PM / by Jack Jones posted in Jack Jones, Jack Jones on Automating CRQ

[fa icon="comment"] 0 Comments

I covered a lot of ground in the previous posts, and rather than summarize them here I’ll assume you’ve read those posts already.  So, let’s dive into the last analytic dimension…

Read More [fa icon="long-arrow-right"]

Jack Jones: Automating Cyber Risk Quantification (Part 3 of 5)

[fa icon="calendar'] Apr 25, 2022 11:45:38 AM / by Jack Jones posted in Jack Jones, Jack Jones on Automating CRQ

[fa icon="comment"] 0 Comments

In the previous two posts, I briefly discussed that:

  1. The CRQ market is rapidly growing, and there’s a strong desire to automate CRQ analysis...
Read More [fa icon="long-arrow-right"]

Jack Jones: Automating Cyber Risk Quantification (Part 2 of 5)

[fa icon="calendar'] Apr 18, 2022 12:05:26 PM / by Jack Jones posted in Jack Jones, Jack Jones on Automating CRQ

[fa icon="comment"] 2 Comments

In Part 1 of this series, I discussed that the market for cyber risk quantification (particularly automated CRQ) is growing rapidly, but that automation, done poorly, can to more harm than good.  In this post, I’ll begin to discuss what it takes to automate CRQ responsibly.

Read More [fa icon="long-arrow-right"]

Jack Jones: Automating Cyber Risk Quantification (Part 1 of 5)

[fa icon="calendar'] Apr 12, 2022 7:45:00 AM / by Jack Jones posted in Jack Jones, Jack Jones on Automating CRQ

[fa icon="comment"] 0 Comments

Until recently, it’s mostly been organizations with visionary and early adopter tendencies who have embraced cyber risk quantification (CRQ).  They understood the value and were willing to deal with the challenges. 

Read More [fa icon="long-arrow-right"]

A Solution for Measuring Inherent Risk

[fa icon="calendar'] Feb 22, 2022 2:32:43 PM / by Jack Jones posted in Risk Management, FAIR-CAM

[fa icon="comment"] 0 Comments

If you search the FAIR Institute blog, you will find several posts about Inherent Risk, each highlighting fundamental problems with the standard definition for Inherent Risk and offering insights and advice regarding how to better define and use it.  To save you the trouble of finding and reading old posts, I’ll boil them down:

Read More [fa icon="long-arrow-right"]

Study Finds Employees Will Violate Security Policy to Get Their Work Done – FAIR-CAM Helps to Solve the Problem

[fa icon="calendar'] Jan 31, 2022 7:15:00 AM / by Jack Jones posted in FAIR-CAM

[fa icon="comment"] 0 Comments

A study sponsored by the National Science Foundation and reported in the Harvard Business Review, Research: Why Employees Violate Cybersecurity Policies, identified a wide disconnect between the demands of cybersecurity and the reality of day-to-day work for employees – one of the key gaps that the new FAIR Controls Analytics Model™ (FAIR-CAM™) is intended to help close.  

Read More [fa icon="long-arrow-right"]
LEARN MORE
Content not found

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts