FAIR Institute Blog

How to Build a Quantitative Risk Management Program with FAIR – FAIRCON19 Sessions Preview

Jun 26, 2019 10:19:40 AM / by Luke Bader

Hosted by the FAIR Institute, the 2019 FAIR Conference brings leaders in information security, risk management, government, and academia together to explore best practices for FAIR adoption that produce greater value and alignment with business goals.

Discount Ticket Pricing expires on June 30, 2019. Register today to reserve your spot at the risk management conference of the year at the best price!

Leave those old, qualitative risk assessment ways behind and elevate your risk game! Join us for the premier risk management conference on September 24 & 25 at the Gaylord Convention Center at National Harbor, MD, just south of Washington, DC.

At FAIRCON19, attendees will hear real-life stories around implementation of FAIR and Cyber Risk Quantification (CRQ) and how these implementations have helped large organizations make better, risk-informed decisions. 

Over the course of the conference, attendees will gain insights from two breakout tracks (one for Advanced Users and one for Beginners), two forward-thinking keynote sessions, and expertly staffed panels.

Explore the Full FAIRCON19 Agenda!

FAIRCON19 sessions will include:

Conference Keynote Address

by Jack Jones, 3x Fmr. CISO, Author of International Standard FAIR Model, Chairman, FAIR Institute

The industry is recognizing that compliance-focused practices, qualitative risk assessments, and maturity models don’t enable the comparisons and prioritization that are necessary to manage risk effectively. Jack's primary goal for this session is to provide information that will help you understand the selection and implementation of CRQ solutions and make better-informed decisions about them.

Day 2 Keynote Address: Why IRM Needs Risk Quantification

by John A. Wheeler, Global Research Leader – Risk Management Technology, Gartner

John has been outspoken about the need for better Integrated Risk Management (IRM) practices since Gartner came to the same conclusion in late 2016 that 'GRC was dead' and that it was shifting its research focus from GRC to IRM. Hear more from John at FAIRCON19 about why IRM needs risk quantification as a critical capability.

Building a Cybersecurity Program with a Risk Management Framework & FAIR

The way a lot of organizations measure risk today fails to quantify risk in a way business can understand and use. This expert panel will discuss how they view and use FAIR and existing risk management frameworks to build their cybersecurity programs. 

  • Kevin Stine, Chief of the Applied Cybersecurity Division, NIST
  • Ian Amit, CSO, Cimpress
  • Jason Martin, GRC Team Manager, Highmark Health
  • Michael Parisi, Vice President Assurance Strategy, HITRUST


Case Study: Am I Mature Enough to Adopt FAIR?

Finding your team's "True North" when starting a FAIR program can be overwhelming. The team from Thrivent Financial will present their experience and tips on how to effectively communicate with business partners, promote collaboration with credible results, leverage an objective and measurable approach, and execute with a repeatable and timely process.

  • Mary Faulkner, Director of Information Security, Thrivent
  • Ben Storm, Info Sec Risk Analyst, Thrivent

Defining the Goals of an Effective Risk Management Program

This all-star CISO Panel will be debating what the primary objectives should be for an effective risk management program built on FAIR. Whether a beginner or an advanced user, this session will bring clarity on what a well-functioning quantitative program should do.

  • Chris Porter, CISO, Fannie Mae
  • Omar Khawaja, CISO, Highmark
  • Emery Csulak, Deputy CIO for Cybersecurity/CISO, Department of Energy

Use Case Panorama: How Risk Quantification Enables Risk-Aligned Decision Making

Real-life decisions at some of the world's largest companies are being made every day based on a risk quantification analysis. These presenters will walk you through an actual decision they made, how it was informed by an analysis, and how results were analyzed and presented.

  • Alex Rogozhin, VP, InfoSec Data Intelligence, BB&T
  • Laura Voicu, Senior Security Architect, Swisscom
  • Brad Carvellas, Director, Information Security & Risk Management, Highmark Health


Breakout Tracks:  

Track 1: Starting Out with FAIR

A Crash Course on Quantitative vs. Qualitative by Evan Wheeler, CISO, Financial Engines
This session will demystify the topic with fundamental principles of measurement and risk analysis to help you better understand your organization’s true exposure and how to communicate it effectively. Theory will be put into practice and applied to everyday threats that plague security professionals.

(More sessions to come in this track)

Track 2: Advanced User 

Closing the Risk Management Loop with Cyber Risk Quantification by Greg Rothauser, Enterprise Business Information Security Officer (BISO), MassMutual

This session will provide an overview of how to combine FAIR with threat intelligence information, GRC applications and key metrics to complete the risk management life cycle of identify, respond and monitor.

(More sessions to come in this track)

And Many More!

Still not sold? Hear for yourself about the benefits and highlights of FAIRCON with our highlight video below from last year’s conference:



Can’t make the pre-FAIRCON19 training sessions? Prepare for FAIRCON19 with online FAIR Training! Check out the Online FAIR Training, offered by Technical Advisor, RiskLens.

For more information about FAIRCON19, please contact lbader@fairinstitute.org.

Topics: FAIR Conference 2019

Written by Luke Bader

Luke Bader is Director, Membership and Programs for FAIR Institute
