FAIR Institute President Nick Sanna was among the featured speakers last week at the first annual Cyber Day on the Hill, an event organized to educate Congressional staff members on cutting-edge thinking in cybersecurity, both on the national policy level and for protecting their own offices from attack.
Nick introduced the Cyber Day audience to FAIR principles and the movement to make risk quantification standard operating procedure in cyber risk management. “The dark ages of cybersecurity are over,” Nick said. “There are now standard ways of measuring the effectiveness of cybersecurity initiatives and making sense of what’s working and what is not.” He was joined by speakers from IBM, Palo Alto Networks, Microsoft and other tech leaders.
Among the sponsors of the event was Congressman Jim Langevin, the Rhode Island Democrat and Co-chair and Co-founder of the Congressional Cybersecurity Caucus, a speaker at the upcoming FAIR Conference, September 24-25 at National Harbor, MD, outside Washington. Read more about Langevin’s FAIRCON appearance.
The invitation to speak to Hill staffers is the latest sign that FAIR techniques and principles are gaining recognition in the government sector:
- Congress’ Government Accountability Office gave federal agencies a failing grade on cyber risk management in a report that highlighted the need for a common risk vocabulary and financial quantification of risk in the federal cybersecurity establishment.
- The Department of Energy’s deputy CISO told a professional group that his agency is planning a major move to the cloud using FAIR analysis. Other agencies that have trained staff on FAIR include the Treasury Department and The White House Office of Management and Budget.
- The National Institute of Standards and Technology (NIST), the highly influential federal agency that creates cybersecurity standards and frameworks used throughout the government, published a “success story” case study of integration of FAIR with the NIST Cybersecurity Framework (NIST CSF) by Cimpress, and said the combination facilitates “more informed decisions around managing risk.” There will be a session at the FAIR Conference titled “Building a Cybersecurity Program with a Risk Management Framework & FAIR” with both Kevin Stine, Chief of the Applied Cybersecurity Division at NIST, and Ian Amit, CSO at Cimpress, on the panel. The FAIR Institute is also working with NIST to have FAIR listed as an informative reference for the next update of the CSF.
Government employees keep up with the latest in all these developments by joining the Government Chapter of the FAIR Institute, which meets regularly in Washington, DC (next, Oct. 3, 2019). Become an Institute member to join the chapter.