If you were among the 700 RSA Conference attendees who sat in on one of the two half-day seminars introducing FAIR™, led by Jack Jones and Jack Freund, co-authors of the FAIR book, you got a good look at the power of the FAIR model.
Tom Callaghan and Christophe Foret pioneered FAIR™ in Europe, both as founders of the Paris Chapter of the Institute and of consulting firm C-Risk, the European leader in cyber risk quantification services.
Risk quantification pioneers come to FAIR™ from all different directions, but Alex Rogozhin, Sr. Manager, Cybersecurity Intelligence Team, at banking company Truist, had one of the more unusual journeys.
A new article from Ars Technica asks the question “why is the healthcare industry still so bad at cybersecurity?” and answers with an inventory of institutional and regulatory shortsightedness, resistance to change, lack of budget and simple confusion that calls out for the kind of re-set button that other industries are hitting with a risk-based approach to cybersecurity like FAIR™.
In this webinar, Cyber Intelligence Analyst Samantha Chamberlin tells how Fannie Mae uses FAIR™ to solve the common problems of both threat intelligence and risk analysis teams, particularly the challenges of gathering information from technical SMEs.
Many FAIR program leaders start at a ground level and work their way up to a board presentation. Chris Golden started at the top, as he tells FAIR Institute Director Luke Bader in this podcast interview, demonstrating FAIR to the board for the green light on a risk quantification initiative.
Researchers at the Federal Reserve of New York recently issued a study saying that intrabank “wholesale” payments are so concentrated in the top five banks that if any one of them were disrupted by a cyber attack, the result could be a liquidity crisis in the banking system – a kind of cyber run on the banks.
In another milestone for acceptance of FAIR™ and cyber risk quantification, COSO has issued its first guidance document on applying the COSO Enterprise Risk Management Framework to cyber risk management, and included a reference to the FAIR model.
“Thought leadership” is a term that gets used loosely, but Jack Jones, creator of Factor Analysis of Information Risk (the FAIR™ model) and Chairman of the FAIR Institute, has been out in front of the profession for years, patiently pointing out the limitations of conventional, qualitative risk analysis.
In a new article for Threatpost, Jack Freund, PhD, co-author of the FAIR™ book Measuring and Managing Information Risk, makes the radical proposal that organizations issue a “cyber risk prospectus” much like an investment prospectus that warns “past performance is not an indicator of future results.”