Jack Jones on the Wrong Lessons from the Conviction of Former Uber CSO Joe Sullivan Security professionals should get their act together on cyber risk measurement and risk communication before blaming business management. Read More
What Is Cyber Risk Quantification (CRQ) and How Does It Help Risk Management Decisions? From Jack Jones, creator of the FAIR model, download this white paper for the definitive guide to quantitative analysis of cyber risk. Read More
Why Cyber Risk Quantification (CRQ) Demos Aren't Enough Anyone can do some math and generate a quantitative value. Defending that value is the problem. Read More
Attacking FAIR - A Reply by Jack Jones As the interest in Cyber Risk Quantification has begun to explode in the marketplace, vendors have responded to the call. Read More
Jack Jones Rebuts ‘FAIR Fatigue’, an Article Filled with Misrepresentations of Factor Analysis of Information Risk (FAIR), the Standard for Risk Quantification Proprietary risk models can't compete with the open standard for cyber risk quantification. Read More
Jack Jones: Automating Cyber Risk Quantification (Part 5 of 5) Yes, CRQ can be automated with careful attention to modeling, scoping and data. Read More
Jack Jones: Automating Cyber Risk Quantification (Part 4 of 5) Problems and opportunities for cyber risk quantification with data, CVSS score and NIST score. Read More
Jack Jones: Automating Cyber Risk Quantification (Part 3 of 5) A caution on automation: If the models are fundamentally flawed, analysis results are going to be unreliable. Read More
Jack Jones: Automating Cyber Risk Quantification (Part 2 of 5) A discussion of what it takes to automate quantitative analysis (CRQ) in cybersecurity responsibly to produce valid, useful results Read More
Jack Jones: Automating Cyber Risk Quantification (Part 1 of 5) As the benefits of CRQ become more apparent, organizations find more and different ways to adopt it. Read More
