The FAIR community, by definition, is a group that likes to stay out in front of trends in risk management, and the 2024 list of most popular blog posts reflects a year with plenty of new developments to track, from AI to third-party risk to materiality measurement and more.
Among the new blog posts we published this year, here’s what engaged our readers the most:
1. A FAIR Artificial Intelligence (AI) Cyber Risk Playbook
We introduced the FAIR-AIR Approach Playbook, applying FAIR principles and techniques to the novel risk scenarios spilling out of the GenAI wave, and followed up with a series of posts sharpening the focus on AI-related risk management.
We made the case that third-party risk management badly needs an update. “Despite having a fleet of tools at their disposal, CISOs and TPRM practitioners are unable to answer the basic questions: ‘What is the most critical third-party risk, and how efficient is your program in managing that risk?’” We also presented a solution: See the #7 most-popular post down the list.
3. Customize FAIR-MAM for Your Most Accurate Cyber Loss Data
As a topic, the FAIR Materiality Assessment Model, introduced in 2023, continues to drive a big chunk of interest in our blog pages (read the related blog posts). This most popular new addition to FAIR-MAM introduced a Financial Impact Questionnaire to aid in gathering data on loss exposure.
4. NIST CSF 2.0 Takes a Major Step to Recognizing Cyber Risk as Business Risk
The new Govern function in this influential risk management framework “lifted cybersecurity risk to a board level, whole-of-business concern,” Institute President Nick Sanna wrote, just as the FAIR Institute has long argued.
5. Educating Tomorrow’s Cyber Risk Leaders: The FAIR Institute’s Vision for Training & Certification
We are revamping our FAIR fundamentals offering and developing new courses, and will launch our own professional certification program. Get the details of what’s ahead for the Institute in 2025.
6. Two Takeaways from First 10-Ks under New SEC Cyber Risk Disclosure Rules
We were watching carefully as the first filings by regulated public companies came out, in particular to see how they handled disclosing materiality measurement (one company described their FAIR program in the filing).
7. The 3rd Party Risk Crisis – a FAIR Solution
We introduced the FAIR Third-Party Assessment Model and its key principles: risk-based prioritization, comprehensive and continuous monitoring, and actionable mitigations.
8. Help Create the FAIR-CAM Cybersecurity Controls Library, a New CRQ Tool
The Controls Library categorizes controls according to their functions and interaction with each other, as described by the FAIR Controls Analytics Model (FAIR-CAM). “The bottom line is that simply scoring your organization’s cybersecurity program based on common control or maturity frameworks doesn’t provide meaningful insight into which controls are most or least valuable,” FAIR creator Jack Jones wrote.
9. FAIRCON24 Welcome Address: FAIR Institute’s New Roadmap to Success in CRQ (Video)
We published 35 posts on talks and activities at the premier annual conference for advanced techniques in risk management, kicked off by this presentation by Institute President Nick Sanna and Managing Director Todd Tucker, looking backward and forward on the increasing sophistication and ambition of the FAIR community.
10. Threat Intel Meet Risk. Risk Meet Threat Intel. FAIR Makes the Match
This post on how to combine FAIR risk analysis with the MITRE ATT&CK framework for threat intelligence, to achieve a 360-degree view of cyber risk posture, held a lot of appeal for the FAIR Community.
Attention, FAIR Institute members and blog post subscribers!
Any topics you’d like to see covered in our blog? We welcome your suggestions and your blog post contributions. Contact us.
We’re also looking for members we can interview for our Meet a Member series. We want to hear your FAIR story! Contact Luke Bader, Director Membership and Programs.