FAIR Institute Blog

Jack Jones in 'Dark Reading': Loose Talk on ‘Risk’ Damages Infosec Profession

[fa icon="calendar"] Jul 12, 2018 8:45:00 AM / by Jeff B. Copeland

Jack Jones FAIR Training copyIn a new commentary on the Dark Reading website, What We Talk About When We Talk About Risk, FAIR Institute Chairman and cyber risk quantification pioneer Jack Jones takes the cybersecurity profession to task for the many confused – and confusing – ways it uses the term risk.

“Which of these are risks?” Jack asks when he speaks to information security professional groups.

  • Vulnerabilities
  • Disgruntled employees
  • Reputation
  • Untested recovery plans
  • Sensitive consumer information
  • Weak passwords
  • Cybercriminals

“All of them!” the audience answers. In fact, none of them are risks in the way that business leaders think of risk as potential loss events for the business. “The same executive stakeholders whose eyes glaze over when we talk about vulnerabilities and threat vectors suddenly take interest when the risks we talk about are loss events,” Jack writes.

Jack cautions against another blind spot for the profession, the notion that cyber risk can’t be measured. “The good news is that measuring infosec risk is not that hard once you've gotten your terms straight and when you leverage well-established methods and principles from other risk disciplines.” In other words, the FAIR model.

Many other disciplines went through long periods before they settled on standardized terms and principles,  Jack writes. "But given today's imperatives surrounding cyber and technology risk management, we do not have the luxury of decades to get our act together." 

Read What We Talk About When We Talk About Risk now.

More About FAIR and quantitative cyber risk analysis:

FAIR Adoption Soars as 3,000 Members Milestone Is Hit

Gartner Names Risk Quantification a Critical Capability of Integrated Risk Management

Topics: FAIR, Risk Management, Jack Jones

Jeff B. Copeland

Written by Jeff B. Copeland

Jeff is the Content Marketing Manager for RiskLens.


Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts