“Leadership Vision for 2022,” a new report from Gartner, the leading technology consulting firm, presents some solid advice for CISOs and other security and risk management leaders pulled in many directions
Recent Posts
Ransomware attacks on healthcare organizations increased by 94% year over year in 2021, according to a global survey by Sophos, an average of nearly two data breaches of sensitive PHI have occurred every day in the U.S., according to HHS
Jack Jones introduced FAIR-CAM™, the FAIR Controls Analytics Model, to challenge the cybersecurity profession to move beyond its reflexive focus on cybersecurity controls lists
FAIR standard creator Jack Jones spoke this week at the 2022 RSA Conference with the message that the future of risk measurement and management is (drum roll) artificial intelligence and automation. You might have heard the same in vendor booths on the show floor, but not like Jack told it: The industry won’t get there without a major shift left
Jack Jones, creator of FAIR™ (Factor Analysis of Information Risk) and chief provocateur of the cyber risk quantification movement, speaks at the 2022 RSA Conference, Wednesday, June 8, in a morning seminar on the future of risk measurement.
CVSS scores are widely used – and widely mis-used – in cyber risk management. The Common Vulnerability Scoring System serves as a valuable alert system to point defenders to weaknesses in their defenses. But because CVSS scoring is numeric, it is often confused as quantitative cyber risk analysis
If you’re looking to try Factor Analysis of Information Risk (FAIR™) in a lightweight way, these tools and resources will get you started – all of them offered by the FAIR Institute or shared by Institute members, particularly in sessions at the annual FAIR Conference.
Do you know your hurdle rate? Michael Carr, VP, CTO/CISO, at Health First, the Florida hospital operator and health insurance provider, recently gave a talk to the HealthITSecurity Virtual Summit that covered financial terms and metrics
In our recent member survey, we asked “please rank the areas in which you would like to learn or sharpen your FAIR-related skills.” Taking a cue from the results, here is a short study guide covering the topics of most educational interest to the FAIR Institute membership.
We’re hearing increasingly that organizations successful at managing cyber risk in financial terms with Factor Analysis of Information Risk (FAIR™) are now looking to enterprise risk management as the next frontier for quantitative risk management.
