FAIR Institute members were served in 2022 a banquet of blog posts, videos and other content for learning, practicing, evangelizing and defending risk quantification with Factor Analysis of Information Risk (FAIR™).
Among the themes that generated the most interest:
>>Jack Jones, creator of FAIR. As usual, Jack was the force behind so much of the thought leadership on the FAIR Institute site, explaining basic concepts of quantification, advancing the new FAIR Controls Analytics Model (FAIR-CAM™) and responding to the rash of product marketing that broke out in 2022 making claims to perform quantification with just-trust-us proprietary models. Read blog posts by and about Jack Jones.
>>Two FAIR Conferences (FAIRCON22) -- a light version in the Spring and the magnum version in the Fall -- with 46 blog posts (and more videos in the Member Resources Library open to FAIR Institute Contributing Members), covering the amazing range of presentations from FAIR community members. Join the FAIR Institute now.>>Excitement in the community continued to run high for FAIR-CAM, the intellectual breakthrough in cybersecurity controls management, closely related to the next topic…
>>Automating Cyber Risk Quantification. Jack wrote a five-part blog post series, a timely and significant contribution to point the way forward for CRQ.
12 Most Popular Blog Posts Published by the FAIR Institute in 2022, Based on Page Views:
1. Attacking FAIR - A Reply by Jack Jones (tie)
1. Jack Jones Rebuts ‘FAIR Fatigue’, an Article Filled with Misrepresentations of FAIR (tie)
2. Identifying the Right Risk Scenarios to Measure with FAIR (Institute Member Raksha Shenoy, Equinix))
3. A Solution for Measuring Inherent Risk by Jack Jones
4. Jack Jones: Automating Cyber Risk Quantification
5. 3 New Ways to Think about Cybersecurity Controls (FAIR-CAM)
6. 10 Reasons Why FAIR Is the Standard for Cyber Risk Quantification (Infographic)
7. 7 Basic Tools for FAIR Cyber Risk Analysis
8. 5 Objections to FAIR and How to Overcome Them – Lessons from the Netflix FAIR Program (FAIRCON22)
9. What’s the Risk Reduction Effect of NIST CSF Maturity Scores? Jack Jones and the FAIR-CAM Team Are Working on It
10. FAIR vs. Proprietary Cyber Risk Analysis Models: What’s the Difference? Jack Jones Explains
11. Understanding and Managing Skeptical Stakeholder Reaction to Quantitative Cyber Risk Analysis (Institute Member Caleb Juhnke, Equinix)
12. 4 CISOs Explain How to Make the Culture Change from Compliance Focus to Risk-Based Cybersecurity (FAIRCON22)