The 2021 FAIR Conference (FAIRCON21), October 19-20, the premier global quantitative risk management conference, packs a lot into two days, with tracks for FAIR beginners and advanced practitioners, and sessions covering our conference theme from all angles: Managing Risk and Building Resilience.
Check this guide to find your sessions of high interest – but don’t miss Jack Jones introducing the FAIR Controls Analytics Model, Wednesday, 12:30 PM, an advance in cyber risk management that will change how the industry invests in security.
Day One, Tuesday, October 19
Cyber Resilience Focus
The conference kicks off with a deep dive into the resilience theme with a keynote speech (11:00 AM) by Mary O’Brien, General Manager, IBM Security, followed by a block of four panels and presentations, with a special emphasis on two industries on the front lines of cyber resilience: finance and health.
“How Risk Management is Helping Companies Be More Resilient during Digital Transformation” (12:00 PM) will be led by Omar Khawaja, CISO at Highmark Health, who ramped up a large-scale FAIR program at a major hospital chain in the middle of the pandemic. Also on the panel: CISOs from Thrivent Financial, Freddie Mac, BCP and Kettering Health.
Preview: Watch a Meet a Member video interview with Thrivent CISO Mary Faulkner.
We’re looking forward to “Assessing Cyber Resilience Preparedness” (12:00 PM), the presentation by Matt Tolbert, Sr. Cybersecurity Specialist, Supervision and Regulation, Federal Reserve Bank of Cleveland, for insight and guidance from the Fed, the ultimate guarantor of financial system resilience. The Richmond Fed put out a white paper in 2019 calling for “modeling frameworks such as FAIR” in the banking sector – what’s the latest on that movement?
Next, we’ll hear from the expert FAIR practitioners at Datto with a case study on using FAIR to increase resilience (12:30 PM).
Preview: Watch a Meet a Member video with Jack Whitsitt and Tyanna Smith of Datto
FAIR Practitioner Beginner Track
Security risk engineers Tony Martin-Vegue and Prashanthi Kouth lead “Fireside Chat: How to Get a FAIR Program Off the Ground” (1:15 PM) based on their experience at Netflix, one of the most generous organizations at sharing learnings with the FAIR community.
Preview: Get a head start - watch Tony’s recent webinar How to Start a FAIR Quantitative Risk Analysis Program – Finding Data and Use Cases and come prepared with your questions.
In “Presentation: Implementing a CRQ Program in a Global Organization” (2:30 PM), Gideon Knocke, former Risk Manager, Fresenius, and Tom Callaghan, Co-Founder & Managing Director, C-Risk, Co-Chair of the Paris Chapter of the FAIR Institute, will cover how FAIR risk analysis clarifies the confusing regulatory regime of GDPR, among other trans-national topics.
Preview: Watch a video interview with Tom on Risk-Based GDPR Compliance with FAIR
FAIR Practitioner Advanced Track
We respond to the increasing demand for applying quantitative risk analysis to operational risk, with the presentation “Case Study - Providing Visibility into Operational Risk with FAIR” (1:15 PM) by Seth Mowbray, Senior Risk Analyst, Legal, Risk & Compliance, Government Employees Health Association (GEHA). With the real-world disruptions brought on by the Colonial Pipeline hack and others this year, this topic is top of mind for boards of directors and C-suites. We’ll also hear an operational risk case study from HPE.
Background: Read Demystifying Industrial Control System (ICS) Cyber Risk with FAIR, a blog post by Michael Radigan, Co-Chair, Greater Ohio Chapter.
The natural follow-up to FAIR for operational risk: a case-study session on “Making Better Business Decisions for Third-Party Risk Management” (2:30 PM), presented by Josh Malnourie, Information Security Advisor at Blue Cross Blue Shield of North Dakota (BCBSND) and Bob Maley, Chief Security Officer, Black Kite, the vendor risk management platform.
Background: Watch the video from FAIRCON19, Managing Third Party Cyber Risk with RiskRecon, Horizon Blue Cross, and Cyentia Institute
Day Two, Wednesday, October 20
We welcome back to the FAIR Conference one of the most influential thinkers in risk management, John A. Wheeler, Global Research Leader - Risk Management Technology for Gartner, with a keynote address, “Designing Resiliency and Security at a Time of Uncertainty and Change” (11:00 AM). John has pioneered acceptance of quantitative risk analysis and Integrated Risk Management (IRM), as well as FAIR.
Preview: Watch the video of John’s colleague at Gartner, Khushbu Pratap, presenting the closing keynote for FAIRCON 2020, Drivers for IRM, Digital Transformation & Cost Optimization
The FAIR Institute has long supported CISOs in achieving better board reporting through financial analysis of cyber risk, and FAIRCON21 continues with a view from the other side of the boardroom table, “Board Panel - Improving Risk Governance and Avoiding Blind Spots, Biases and Bad Incentives” (11:45 AM), featuring veteran board members James Lam (E*TRADE), Deb Dunie (Board Leadership Fellow, National Association of Corporate Directors) and Sheila Stamps (Pitney Bowes).
NEWS: Announcing FAIR for Controls
This will be breakthrough news in the world of cyber risk management…FAIR Institute Chairman Jack Jones presents a white paper and keynote:
“Understanding the Value of Controls in Cyber Risk - Unveiling the FAIR Controls Analytics Model (FAIR-CAM)” (12:30 PM)
FAIR-CAM, for the first time, enables security teams to reliably evaluate how controls affect risk in financial terms. It’s an extension of FAIR that makes the risk quantification standard even more useful for decision support.
Jack’s session will be followed by a panel on mapping FAIR-CAM to the popular cybersecurity frameworks (1:15 PM) and a FAIR-CAM case study (2:00 PM) on applying the model to decision-making on multi-factor authentication.
Data for FAIR analysis – where to find it and how to use it – is a popular topic for attendees, and we’re answering the most-asked questions in these sessions:
“Case Study: Accelerating FAIR Analyses by 10x with Out-of-the-Box Data” (1:15 PM), by Ben Gowan and Justin Theriot of RiskLens, will cover loss tables, data helpers and other accelerators.
“Presentation: Challenges and Opportunities in FAIR Data Collection” (2:00 PM) by David Severski, Sr. Data Scientist at Cyentia Institute
Preview: One of the most popular sessions from FAIRCON2020 was presented by Wade Baker, David’s colleague at Cyentia: How to Find Data for Every One of the FAIR Factors.
Public Policy Track
Resilience is a national security issue, too, and two of this year’s sessions will highlight the central role risk management should play in guiding national cyber policy:
“Presentation - Building Resilience in Cyberspace: Reporting on Progress from the Cyberspace Solarium Commission” (1:15) with the Cyberspace Solarium Commission’s Frank Cilluffo and Mark Montgomery.
“Presentation - Ensuring the Resilience of National Critical Functions” (2:00 PM) by Bob Kolasky, Director, National Risk Management Center (NRMC) at the Department of Homeland Security (DHS).
Background: Watch the discussion from last year’s FAIR Conference, with Commission members Rep. Mike Gallagher and Chris Inglis, A Strategic Approach to Defending the U.S. in Cyberspace.