Watch this ISACA Webinar for an Introduction to FAIR Cyber Risk Quantification by the Two Jacks (Jones and Freund)

Jack-Jones-Creator-of-FAIR 2You can’t get a more authoritative introduction to Factor Analysis of Information Risk than this webinar for ISACA by Jack Jones, creator of FAIR™ and Chairman of the FAIR Institute, and his co-author on the FAIR book, Jack Freund, Head of Cyber Risk Methodology for VisibleRisk. 

In about an hour, the two Jacks give a persuasive, high-level introduction to the necessity of cyber risk quantification (CRQ) and how FAIR makes CRQ into a tool for communicating risk in business terms.


Watch the ISACA webinar on demand and read a whitepaper on CRQ by Jack Freund. Requires a free ISACA membership.


Jack Jones sets up the value proposition for a risk-based approach to cybersecurity, using quantification of loss exposure in dollars: 

FAIRCON19-Jack-Freund 2“At the end of the day, our problem space, the cybersecurity landscape, is incredibly complex and dynamic, and we have limited resources, which means we have to be really good at prioritizing. If we can’t prioritize the challenges we face, then we aren’t going to win. We simply have no chance, I believe, of prevailing.”

Freund and Jones cover these topics:

What is CRQ?

>>“The application of rigorous statistical methods to quantify the impact and frequency of cybersecurity incidents.”

How cyber risk quantification fits with the standard cybersecurity frameworks

Problems with heat maps, ordinal scales, and other prevalent risk-rating tools in cybersecurity

>>Classifying risks as red, yellow, and green is too often a substitute for rigorous analysis.

The starting point for quantitative analysis: clearly scoping risk as loss event scenarios

>>Key elements are Asset, Threat Effect, Vector and Method

Types and sources of data for analysis

How to use calibrated estimation and Monte Carlo simulation to account for uncertainty in data

Aligning controls gaps to business loss scenarios, then developing cost/benefit analysis 

Watch the ISACA webinar now.

Interested in a thorough education in FAIR CRQ? Your next step is the FAIR Fundamentals Training course endorsed by the FAIR Institute.

Related: New ISACA White Paper Advises CISOs to Report Cyber Risk to the Board with FAIR

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37