Jack Jones, creator of FAIR™, the standard model for quantifying cyber and operational risk, leads two seminars at the 2023 RSA Conference on Tuesday, April 25, from 8:30am to 10:30am and 1:15pm to 3:15pm PT. The seminars are titled: Today’s Best Practices for Cybersecurity Risk Management. Register for a seminar with your conference pass. Register now for the conference.
Jack's Seminar Description
“In an economy that’s forcing organizations to tighten their belts, the ‘gut-driven’ qualitative risk measurement of the past is no longer sufficient.
“This is especially true given evolving SEC reporting requirements, and the higher losses organizations are experiencing when losses do occur.
“Join our seminar to come up to speed on how cyber risk measurement is evolving and the advantages it can provide. This session will also include a description of common risk measurement challenges and how to deal with them.”
About Jack Jones
SC Media said in awarding Jack its 2019 Reboot leadership Award, “As leader of the FAIR Institute, he has ushered in a revolution in the way that the world’s leading organizations measure and manage cybersecurity risk.”
From the 2014 publication of his book Measuring and Managing Information Risk: A FAIR Approach, to his recent introduction of the FAIR Controls Analytics Model (FAIR-CAM™), Jack has been driving the risk management profession forward to a more accountable, business-friendly approach to risk analytics.
“Unfortunately, there is no cost to the people who are measuring risk poorly now,” Jack said in his address to the 2022 FAIR Conference. “The cost is all borne by the decision-makers and stakeholders who rely on those measurements…There’s no reason for our profession to feel bad about being immature in its approach to risk measurement…In fact, it’s an opportunity. How often do people in a profession have an opportunity to make tremendous leaps in how that profession functions?”
About FAIR Cyber Risk Quantification (CRQ)
As Jack explains in his Buyer’s Guide to Cyber Risk Quantification (FAIR Institute Contributing Membership required to download. Join now!), the basics of CRQ are “Loss event probability is expressed as a percentage (e.g., 10% probability of occurrence in the next 12 months), and magnitude is expressed as a loss of monetary value (e.g., $1.5M). When desired, these values can be combined to express risk as an annualized amount (e.g., $150,000).” How to collect the appropriate data and run analyses that support business decisions? Jack will cover that in detail at his RSAC seminar.
Before RSA: Listen to Jack's recent webinar on Understanding Cyber Risk Quantification.
The FAIR Institute Offers FAIR Analysis Fundamental Training at RSAC 2023
Sunday, April 23 & Monday, April 24
9 AM to 5 PM PT
Register for the training as an add-on to your conference pass.
Register for the conference.
What’s It Like to Go through FAIR Training in Cyber Risk Quantification? Read a conversation with lead trainer Bernadette Dunn.
Join the FAIR Institute as a Contributing Member, receive invitations to exclusive events and discounts on training and the annual FAIR Conference. Join now