FAIR Institute Blog

Jeff B. Copeland

Jeff is the Content Marketing Manager for RiskLens.

Recent Posts

COSO ERM’s Cyber Risk Guidance Recommends FAIR™ – Interview with ERM Authority James Lam

Jan 16, 2020 9:45:00 AM / by Jeff B. Copeland posted in FAIR

In another milestone for acceptance of FAIR™ and cyber risk quantification, COSO has issued its first guidance document on applying the COSO Enterprise Risk Management Framework to cyber risk management – and included a reference to the FAIR model

Jack Jones’ 2019 Insights on Building a Cyber Risk Management Program – and Outrunning the Bear

Jan 9, 2020 7:30:00 AM / by Jeff B. Copeland posted in Risk Management, Jack Jones

“Thought leadership” is a term that gets used loosely, but Jack Jones, creator of Factor Analysis of Information Risk (the FAIR™ model) and Chairman of the FAIR Institute, has been out in front of the profession for years patiently pointing out the limitations of conventional, qualitative risk analysis

Jack Freund’s Radical Proposal: Admit You Probably Will Get Breached

Jan 7, 2020 7:30:00 AM / by Jeff B. Copeland

In a new article for Threatpost, Jack Freund, PhD, co-author of the FAIR™ book Measuring and Managing Information Risk, makes the radical proposal that organizations issue a “cyber risk prospectus” much like an investment prospectus that warns “past performance is not an indicator of future results.”

NIST CSF Adds FAIR™, Videos from FAIR Conference 2019, and More Top 5 Topics of Our Blog in 2019

Dec 31, 2019 10:12:53 AM / by Jeff B. Copeland posted in FAIR, Risk Management, FAIR Conference 2019

To judge from the most-read topics of the year, FAIR Institute blog readers were focused on keeping up with the risk quantification movement and learning all they could about FAIR™ best practices. Leading off the list were the two big events of the year, the 2019 FAIR Conference and the addition of FAIR to the NIST CSF

Win Converts to FAIR™. Quote Jack Freund’s Manifesto in the ISACA Newsletter

Dec 24, 2019 6:30:00 AM / by Jeff B. Copeland posted in FAIR

If you need a concise manifesto to convince others in your organization of the need for FAIR™ cyber risk quantification – particularly in budget-setting season – Jack Freund, PhD, co-author of the FAIR book Measuring and Managing Information Risk, has written it, just out in the ISACA Newsletter.

FAIRCON19 Video: Integrating Cyber Risk into ERM with Experts from BlackRock, DTCC, Freddie Mac

Dec 19, 2019 9:35:43 AM / by Jeff B. Copeland posted in FAIR Conference 2019

One of the breakthroughs of cyber risk quantification through FAIR™ is to finally place cyber on a par with the other risks that roll up into enterprise risk management (ERM) instead of remaining in its own special silo. But to get to that place takes an effort at communication and coordination and even some org chart changes

FAIRCON19 Video: Managing Third-party Cyber Risk with RiskRecon, Horizon Blue Cross, and Cyentia Institute

Dec 12, 2019 8:47:00 AM / by Jeff B. Copeland

Moving risk quantification out to “hundreds of vendors - it magnifies the challenges for sure.”

That was FAIR Institute Advisory Board Member Wade Baker framing up the issue of risk in the cloud, covered in the FAIRCON panel discussion “Managing Organizational and Third-party Risk in the Age of Digital Transformation.”  

FAIRCON 19 Video: How MassMutual Closes the Risk Management Loop with FAIR™

Dec 12, 2019 7:17:00 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2019

FAIR™ can support every stage of a risk management program, as Greg Rothauser, Enterprise Business Information Security Officer (BISO) for MassMutual, told a session at the 2019 FAIR Conference – starting with the widely used wheel from NIST 800-39: Frame / Assess / Respond / Monitor.

FAIRCON19 Video: Use Case Panorama – FAIR™ Practitioner Success Stories from BB&T, Swisscom, Fidelity Investments and Daimler Mobility

Nov 22, 2019 10:11:30 AM / by Jeff B. Copeland posted in FAIR Conference 2019

For ground-level, hands-on advice on starting a FAIR™ quantitative risk management program, the Use Case Panorama session at the recent 2019 FAIR Conference was the place to be.

NIST Maps FAIR to the CSF - Big Step Forward in Acceptance of Cyber Risk Quantification

Nov 19, 2019 2:36:00 PM / by Jeff B. Copeland posted in FAIR, Risk Management

It's official: NIST has formally published FAIR as an Informative Reference to the NIST CSF, the most widely used cybersecurity framework in the U.S., a major milestone in the history of FAIR. This means that there is a mapping between FAIR and the NIST CSF standard in the sections covering risk analysis and risk management.
