In response to requests from our membership, the FAIR Institute’s FAIR Standards Workgroups kicked off an ambitious initiative to extend the FAIR™ standard out to the new frontiers of risk measurement and management.
FAIR (Factor Analysis of Information Risk) developed by Jack Jones and popularized in his 2014 book Measuring and Managing Information Risk, has become the standard for quantifying information and operational risk, recommended as a resource by the National Institute of Technology and Standards Cybersecurity Framework (NIST CSF) and many other authorities.
In 2021, Jack introduced the FAIR Controls Analytics Model (FAIR-CAM™) a standard that describes the complex ways that controls operate individually or in a system to affect frequency and magnitude of loss. The Institute will soon announce that FAIR-CAM has been mapped to the controls in the NIST CSF, and the Standards Workgroups will continue development in 2024. Learn more in this blog post:
Mapping FAIR-CAM to Cybersecurity Frameworks: ‘Compliance Is Going to Radically Change’
Note: The FAIR Institute seeks suggestions from our members for research projects. Please contact our research director Pankaj Goyal.
More FAIR Standard Extensions in Development for More Accurate Risk Analysis
>>FAIR Materiality Assessment Model (FAIR-MAM™)
The 2023 rule on cyber risk disclosure from the Securities and Exchange Commission exposed the problem that many companies are not equipped to assess and disclose material risks from cybersecurity incidents in a timely, accurate way. FAIR-MAM™ expands the loss magnitude factors of the FAIR™ model and provides a more detailed taxonomy and breakdown of the loss categories driven by cybersecurity incidents. One of the Standards Workgroups will be developing and publishing more use cases for FAIR-MAM. Learn more:
Introducing FAIR-MAM™ - A Comprehensive Approach to Loss Modeling in FAIR™ (Video)
Free FAIR Inst membership required to view. Join now!
How Material Is that Hack? – Assessment Tool from the FAIR Institute
>>The FAIR AIR Approach for Generative AI Risk (FAIR AIR™)
The hot topic going into 2024 (and beyond): Quantifying risk associated with artificial intelligence deployment for both offensive and defensive use. A Standards Workgroup is just getting rolling on AI, but for a preview of applying FAIR to AI, watch the video of this session at the 2023 FAIR Conference from two of our most experienced FAIR analysts:
The Good News on AI Risk – We Can Analyze It with FAIR (FAIRCON23)
Free FAIR Inst membership required to view. Join now!
>>FAIR Third-Party Assessment Model (FAIR-TAM)
Call it third-party, vendor or supply chain risk exposure, it’s been a difficult problem to crack for FAIR analysts, with all the uncertainties of collecting information from the outside in. A Standards Workgroup will tackle it starting in 2024, starting with this high-level look at the problem space:
Learn more in this session from the 2023 FAIR Conference:
How to Re-think Third-Party Risk with FAIR-TAM™
Free FAIR Inst membership required to view. Join now!
About the FAIR Institute Standards Committee and Workgroups
The Standards Committee maintains and governs the FAIR Taxonomy and Analytics Model as well as the standard extensions and other deliverables created by the Standards Workgroups. The members of those bodies are a distinguished group of FAIR practitioners at Meta, Google, Cisco and other CRQ champions and led by FAIR Institute Chairman Jack Jones and Standards and Research Director Pankaj Goyal.
Learn more about the FAIR Institute’s research programs.
Standards Committee Members
Jack Jones, Chairman, FAIR Institute
Pankaj Goyal, Director, Standards & Research, Fair Institute
Denny Wan, Sydney Chapter Chair, FAIR Institute
Mike Radigan, Cyber Risk Advisor, Cisco
Michael Coden, Senior Advisor, BCG
Workgroup Members
GenAI
Brandon Sloane, Information Security Risk Management Lead, Meta
Omar Khawaja, VP Security, Field CISO, Databricks
Dr. Keyun Ruan, Risk Economics & Strategy, Google Cloud CISO, Alphabet
Jack Jones, Chairman, FAIR Institute
Pankaj Goyal, Director, Standards & Research, FAIR Institute
Supply Chain Risk
Mike Wilson, CISO, Molina Healthcare
Marek Jakubczak, Supplier Cyber Security Risk & Assurance Director, GSK
Denny Wan, Sydney Chapter Chair, FAIR Institute
Erica Eager, Sr. Director, Risk Quantification, Safe Security
Pankaj Goyal, Director, Standards & Research, FAIR Institute
Materiality Analytics
(Members to be determined)
