This is what a movement looks like. Membership in the FAIR Institute has now passed 3,000, about double the level of a year ago, as cyber risk quantification wins converts across industries.
In traditional board of directors committee structure, each of the board’s five main functions (strategy, executive selection and compensation, governance, audit, risk and compliance) is assigned to a different committee, except one: risk, long handled by the audit committee.
In a video interview just out on eWeek, titled “RSA Taking a FAIR Approach to Defining Cyber-Risk”, RSA Chief Technology Officer Zulfikar Ramzan discusses what he calls the “exciting” new direction for RSA Archer: “cyber risk economics and cyber risk quantification.”
Most folks are surprised to learn that the FAIR Institute just turned two, given the wide influence its activities are having in shaping modern risk management programs.
Mark your calendars! The FAIR Institute’s annual FAIR Conference will take place October 16-17 in Dallas, TX, at the beautiful Hilton Anatole, located in the heart of the city’s Design District.
NYSE-listed organizations are extending the use of the COSO standard and framework beyond the management of financial reporting risk as mandated by section 404 of the Sarbanes-Oxley Public Company Accounting Reform and Investor Protection Act (SOX).
Listen carefully around the halls of the Moscone Center and you could hear a shift in the buzz at this year’s RSA Conference, compared to years past.
Just one year old, the FAIR Institute has hit 1,000 members, including cyber and operational risk executives from some of the biggest names in corporate America and the public sector.
Hear John Carlin, chair of the global risk and crisis management practice at Morrison & Foerster and formerly in charge of the cyber security division at the US Department of Justice, speak about a transformative experience that cyber risk quantification brought about in two government organizations.
FAIR Institute member Chip Block, from Evolver, reviewed the recently published NIST 800-160 Special Publication Systems Security Engineering and shared his considerations on what NIST 800-160 means for risk quantification, FAIR and IoT in an article that deserves to be shared with all of our members.