We often talk about the “FAIR™ journey” up from qualitative, compliance-oriented, or other less disciplined forms of cyber risk management to Factor Analysis of Information Risk.
Recent Posts
Jack Whitsitt has been a FAIR practitioner since 2016, built the quantitative risk analysis program at Bank of America and is now doing the same at Datto (the services provider to MSPs)
Jack Jones, creator of Factor Analysis of Information Risk (FAIR™), the international standard for quantification of cyber risk, gave an RSAC21 audience a preview of his breakthrough FAIR Controls Analytics Model (FAIR-CAM) that will, for the first time, enable security teams to reliably evaluate how controls affect risk in quantitative terms.
Watch the RSAC21 Seminar: Intro to Managing and Communicating Cyber Risk in Business Terms with FAIR
Learn the basics of Factor Analysis of Information Risk (FAIR™) and the case for risk quantification from FAIR creator Jack Jones, see FAIR analysis in action and hear practical tips
The Open Group Security Forum, the experts who maintain Factor Analysis of Information Risk (FAIR™) as the international standard for cyber risk quantification, recently updated the Open FAIR Body of Knowledge to clarify some risk terminology, including this statement:
With the third anniversary coming up for enforcement of the EU’s General Data Protection Regulation (GDPR), it’s a good time to check in with our European FAIR Institute Chapter Co-Chairs for a read on the regulatory climate.
Factor Analysis of Information Risk (FAIR™) defines “risk” in a way that’s both simple and useful.
Risk = the probable frequency and probable magnitude of future loss
Pres. Biden announced his intention to nominate Chris Inglis for the new National Cyber Director role, coordinating cybersecurity across civilian agencies.
The Australian Prudential Regulation Authority (APRA), the licensing authority for banks, employer-sponsored retirement (“superannuation”) funds, financial services and insurance companies, is placing responsibility for cybersecurity squarely on board members
As the popularity of cyber risk quantification (CRQ) grows, so grows the confusion in the marketplace about choosing the right cyber risk quantification solution among many with the CRQ label.
