Hosted by the FAIR Institute, the 2019 FAIR Conference brings leaders in information security, risk management, government, and academia together to explore best practices for FAIR adoption that produce greater value and alignment with business goals.
Discount Ticket Pricing expires on June 30, 2019. Register today to reserve your spot at the risk management conference of the year at the best price!
Leave those old, qualitative risk assessment ways behind and elevate your risk game! Join us for the premiere risk management conference, on September 24 & 25 at the Gaylord Convention Center at National Harbor, MD, just south of Washington, DC.
At FAIRCON19, attendees will hear real-life stories around implementation of FAIR and Cyber Risk Quantification (CRQ) and how these implementations have helped large organizations make better, risk-informed decisions.
Over the course of the conference, attendees will gain insights from two breakout tracks - one for Advanced Users and one for Beginners, two forward-thinking keynote sessions, and expertly staffed panels.
FAIRCON19 sessions will include:
Conference Keynote Address
by Jack Jones, 3x Fmr. CISO, Author of International Standard FAIR Model, Chairman, FAIR Institute
The industry is recognizing that compliance-focused practices, qualitative risk assessments, and maturity models don’t enable the comparisons and prioritization that are necessary to manage risk effectively. Jack's primary goal of this session will be to provide information that will help you to understand and make better-informed decisions regarding the selection and implementation of CRQ solutions.
Day 2 Keynote Address: Why IRM Needs Risk Quantification
by John A. Wheeler, Global Research Leader – Risk Management Technology, Gartner
John has been outspoken about the need for better Integrated Risk Management (IRM) practices since Gartner came to the same conclusion in late 2016 that 'GRC was dead' and that it was shifting its research focus from GRC to IRM. Hear more from John at FAIRCON19 about why IRM needs risk quantification as a critical capability.
Building a Cybersecurity Program with a Risk Management Framework & FAIR
The way a lot of organizations measure risk today fails to quantify risk in a way business can understand and use. This expert panel will discuss how they view and use FAIR and existing risk management frameworks to build their cybersecurity programs.
- Kevin Stine, Chief of the Applied Cybersecurity Division, NIST
- Ian Amit, CSO, Cimpress
- Jason Martin, GRC Team Manager, Highmark Health
- Michael Parisi, Vice President Assurance Strategy, HITRUST
Case Study: Am I Mature Enough to Adopt FAIR?
Finding your team's "True North" when starting a FAIR program can be overwhelming. The team from Thrivent Financial will present their experience and tips on how to effectively communicate with business partners, promote collaboration with credible results, leverage an objective and measurable approach, and execute with a repeatable and timely process.
- Mary Faulkner, Director of Information Security, Thrivent
- Ben Storm, Info Sec Risk Analyst, Thrivent
Defining the Goals of an Effective Risk Management Program
This all-star CISO Panel will be debating what the primary objectives should be for an effective risk management program built on FAIR. Whether a beginner or an advanced user, this session will bring clarity on what a well-functioning quantitative program should do.
- Chris Porter, CISO, Fannie Mae
- Omar Khawaja, CISO, Highmark
- Emery Csulak, Deputy CIO for Cybersecurity/CISO, Department of Energy
Real-life decisions at some of the world's largest companies are being made every day based on a risk quantification analysis. These presenters will walk you through an actual decision they made, how it was informed by an analysis, and how results were analyzed and presented.
- Alex Rogozhin, VP, InfoSec Data Intelligence, BB&T
- Laura Voicu, Senior Security Architect, Swisscom
- Brad Carvellas, Director, Information Security & Risk Management, Highmark Health
Track 1: Starting Out with FAIR
A Crash Course on Quantitative vs. Qualitative by Evan Wheeler, CISO, Financial Engines
This session will demystify the topic with fundamental principles of measurement and risk analysis to help you better understand your organization’s true exposure and how to communicate it effectively. Theory will be put into practice and applied to everyday threats that plague security professionals.
(More sessions to come in this track)
Track 2: Advanced User
Closing the Risk Management Loop with Cyber Risk Quantification by Greg Rothauser, Enterprise Business Information Security Officer (BISO), MassMutual
This session will provide an overview of how to combine FAIR with threat intelligence information, GRC applications and key metrics to complete the risk management life cycle of identify, respond and monitor.
(More sessions to come in this track)
And Many More!
Still not sold? Hear for yourself about the benefits and highlights of FAIRCON with our highlight video below from last year’s conference:
For more information about FAIRCON19, please contact firstname.lastname@example.org.