FAIR Institute Blog

Recent surveys of business executives and board members by Harvard Business Review Analytics and PwC give evidence that the movement to cyber risk quantification and FAIR™ is growing, if from a small base:

Risk management is undergoing major changes in process and technology, Gartner Research Director Khushbu Pratap told the 2020 FAIR Conference, and risk and security leaders need to recognize and get out ahead of the key drivers at work.

You’re probably using the NIST CSF, the most popular cybersecurity framework, as a checklist of best practices but it could do a lot more for your organization.

It’s a common question: How to introduce quantitative risk analysis with FAIR™ (Factor Analysis of Information Risk) to an organization that’s traditionally run on a controls checklist/maturity model approach to cybersecurity risk management?

Government cyber risk professionals: This session at the 2020 FAIR Conference was packed with practical advice – you’ll want to listen carefully to the video but also download the slides

You’re all fired up about Factor Analysis of Information Risk (FAIR™) and eager to bring the transformative power of cyber risk quantification to your organization—but for now, you’re a voice crying in the wilderness of red-yellow-green heat maps

For a fresh take on getting the most out of your risk analysts and subject matter experts (SMEs), watch the video of Douglas Hubbard’s session at the 2020 FAIR Conference

James Lam, world authority on enterprise risk management and former chair of the risk oversight committee for the board of E*TRADE, has been setting a goal in FAIR Conference sessions since 2018 that cyber risk management must pull itself up to the level of enterprise risk management

Get your reporting in line with board thinking – that was the overall message for CISOs from the roundtable discussion at the recent 2020 FAIR Conference, “Helping the Board Exercise Proper Cyber Risk Oversight”.