It's official: NIST has formally published FAIR as an Informative Reference to the NIST CSF, the most widely used cybersecurity framework in the U.S., a major milestone in the history of FAIR. This means that there is a mapping between FAIR and the NIST CSF standard in the sections covering risk analysis and risk management.
Don’t think of cybersecurity standards and frameworks as checklists – think of them as recipes with plenty of room for “season to taste.” That was the message coming out of a panel discussion at the 2019 FAIR Conference on the topic “Building a Cybersecurity Program with a Risk Management Framework & FAIR,”
Led by FAIR model creator Jack Jones, the panel discussion “CISO Panel: Defining the Goals of an Effective Risk Management Program” at the recent 2019 FAIR Conference covered a lot of ground. Four chief information security officers, speaking from hands-on experience, discussed everything from building a FAIR program to briefing the board
Prepare to have at least some of your preconceptions about risk, cyber and otherwise, blown away by Douglas W. Hubbard in this video of his talk at the 2019 FAIR Conference, “How to Measure Risk with Limited and Messy Data: Overcoming the Myths.”
John A. Wheeler, Gartner’s influential global research leader for risk management technology solutions and services, is just out with a new blog post introducing the concept of “techquilibrium”, defined as “the balance point where the enterprise has the right mix of traditional and digital capabilities
CISO Omar Khawaja built a highly rated security program for Highmark Health, the major manager of health plans and hospitals – but something was missing, he told Health IT Security in a recently published interview.
(We just added the video so you can watch in its entirety this significant speech looking back and forward on US government cybersecurity policy. Watch the video now. FAIR Institute membership and LINK community site registration, both free, are required to view the video.)
Last week’s 2019 FAIR Conference in National Harbor, MD, drew a record crowd of enthusiastic practitioners and learners of FAIR quantitative risk analysis. Thorough media coverage of the event spread the word to a wider audience that risk management, particularly on the cyber side, is undergoing a fundamental change for the better
Like Day One of FAIRCON19, the second day of the FAIR Institute’s annual gathering covered a wide range of top-of-mind topics for cybersecurity and risk professionals