“It’s relatively rare that you get security leaders and board members together on a panel to talk about things,” says Wade Baker, who moderated the “What CISOs Need to Tell the Board About Cyber and Technology Risk” panel discussion at FAIR Conference 2017.
In this short video interview for RSA, Jack Jones, Chairman of the FAIR Institute, and RiskLens CEO Nick Sanna give a high-level introduction to the value proposition of FAIR: changing the mindset among risk professionals that keeps them in permanent crisis mode.
The National Institute of Standards and Technology, the Federal Reserve, The Open Group, PCI – a prestigious list of organizations and agencies cite or suggest FAIR as a leading model for cyber risk analysis and management. Expect this list to grow as more risk professionals and regulators come to the conclusion that simply following risk management frameworks isn't enough – they need quantitative analytical models to make effective decisions on risk.
Kim Jones is a 30-year cybersecurity and intelligence veteran – his most recent private sector job was CSO at credit card processor Vantiv, where he started experimenting with FAIR more than five years ago. Recently, he turned cyber-educator as Director of the Cybersecurity Education Consortium at Arizona State University. We talked to Kim at the recent FAIR Conference 2017, where he appeared on the panel “What CISOs Need to Tell the Board”.
Front-line experience, freely shared among friends – that about sums up the spirit of the speakers at the recent FAIR Conference 2017, a lineup of leading FAIR practitioners who were amazingly candid about their successes and challenges in spreading the FAIR risk revolution to their organizations.
Big news if you’re a student of FAIR, an organization evaluating FAIR before taking the plunge on a paid risk analysis solution, a do-it-yourselfer who’s been running FAIR on a spreadsheet, or just curious about the buzz around the quantitative model that’s shaking up the risk-analysis profession. The FAIR Institute has just released FAIR-U, the first officially sanctioned training app for FAIR. The tool is offered free of charge by RiskLens, Technical Advisor to the FAIR Institute.
Two pioneers of quantitative risk management based on the FAIR risk model were honored by their peers in information and operations risk this week at the FAIR Institute's 2017 FAIR Conference in Dallas.
Jack Jones…creator of the FAIR model (that’s Factor Analysis of Information Risk)…author of the FAIR book Measuring and Managing Information Risk: A FAIR Approach…chairman of the FAIR Institute…and the leading evangelist for effective risk measurement based on critical thinking. For a quick education on Jack’s thinking and the FAIR approach to risk, check out this reading list of Jack’s 10 most popular writings on the FAIR Institute blog.
Look for thousands of job listings next year for “data protection officer” to meet a requirement of the European Union’s General Data Protection Regulation, the privacy law that goes into effect May 18, 2018. Here’s a quick rundown to see if you need to start shopping for a DPO, as well.
Donald Freese, Deputy Assistant Director of the FBI in the information technology branch, gave the opening keynote talk last week to the (ISC)² Security Congress in Austin, and hit some themes inspired by FAIR.