FAIR Institute in 2024: Growing Research and Training Programs, Extending the FAIR Model
Expect bold steps forward by the FAIR Institute in 2024. Here are some of the events and initiatives we will launch in the new year, all with the goal of better serving our membership and advancing the risk management profession.
New Focus on Research and Thought Leadership
In his keynote for the 2023 FAIR Conference, FAIR Institute Founder and President Nick Sanna said that, in addition to the organization’s traditional role facilitating networking and sharing of best practices, “more and more we got the request from our members to accelerate the research into new risk analysis models.”
Nick outlined research areas on the Institute’s 2024 agenda:
>>Evaluating the effectiveness of cybersecurity controls
>>Integrating compliance and risk management
>>Measuring and determining materiality of cyber incidents
>>Assessing emerging risks, for instance related to AI.
>>Analyzing risks related to third party/supply chain
To lead the research program, Institute members organized a Standards Committee and began recruiting for workgroups.
Extensions of the FAIR Standard: FAIR-CAM, FAIR-MAM and More
“You’re going to see FAIR becoming plural,” Nick Sanna said. “We are coming up with ancillary standards which allow you to analyze risk in more thorough ways.”
FAIR creator Jack Jones and Institute members recently released a mapping of the NIST CSF framework to the FAIR Controls Analytics Model (FAIR-CAM), as Jack wrote, so risk analysts and managers can “more accurately understand how gaps or deficiencies in CSF subcategories may affect the amount of risk they have, as well as which improvements may have the greatest effect.” Expect more mapping to other popular frameworks in 2024 for FAIR-CAM and likely the first commercially available application version.
Also expect widespread adoption of the FAIR Materiality Assessment Model (FAIR-MAM), as organizations confront the ongoing need to disclose cyber events of material impact.
Major Expansion of Training Opportunities
>>The #1 request on training from the FAIR Community has been for an executive overview of FAIR – and in February, the Institute will launch “Cyber Risk Management for Executives – a FAIR Approach” a self-directed course with video coaching by business leaders such as John Chambers, former CEO of Cisco.
The course, along with a new course for risk analysts will be delivered on a new FAIR Academy training platform as well as online through Coursera. Graduates will receive certifications from the Institute.
>>Continuing education has also been on the membership’s wish-list: Early in 2024, we’re responding with training on FAIR-CAM and FAIR-MAM.
Events: Save the Dates for the FAIR Conference and Europe Summit!
Visit the FAIR Institute Events Page, then pull up your calendar and mark:
>>October 1-2, 2024, Washington, DC: The 2024 FAIR Conference, the premier event in risk management that brings leaders in cyber and operational risk together from around the world.
>>March 13, 2024, Paris: The 2024 FAIR Institute Europe Summit, this year with a focus on “Managing Cyber Risk Management in the Age of New Incident Disclosure Rules,” the main event of the year for the FAIR Community in Europe
>>May 7, 2024, RSA Conference, San Francisco – Jack Jones again leads a seminar educating industry professionals on the FAIR model and outlook on risk.
Follow us throughout the year for webinars, local chapter meetings and more networking and educational events on cyber risk quantification following FAIR, the international standard model for CRQ.
“Every year we stretch the limits of what’s possible,” Nick Sanna told the 2023 FAIR Conference, reflecting on how conventional wisdom rejected the notion of cyber risk quantification just a few years ago. “Now we are debating how to scale it, how to accelerate it, how to expand the use cases and that’s thanks to us as a community.”
Our Mission
The FAIR Institute is a research-driven not-for-profit organization dedicated to advancing the discipline of cyber and operational risk management through education, standards and collaboration. Join us as an Institute member!