FAIR Institute Blog

Jack Jones to Speak at NIST Cybersecurity Risk Management Conference

Sep 21, 2018 3:10:44 PM / by Jeff B. Copeland

FAIR Institute Chairman Jack Jones will speak on how to apply the FAIR risk quantification model with the NIST Cybersecurity Framework for better executive decision-making at the 2018 NIST Cybersecurity Risk Management Conference in November, the annual meeting that’s often a leading indicator of where the risk profession is headed.

Here’s how the NIST conference agenda describes Jack’s talk:

“The bread and butter of executive life involves making difficult trade-offs regarding where to apply their limited resources. These trade-offs invariably require value/liability-based comparisons that need to be as ‘apples-to-apples’ in nature as possible…

“By expressing risk and risk reduction in economic terms, this approach enables cost-benefit measurements that executives innately understand, and which supports rational and defensible choices that otherwise aren’t possible.”

Jack has written extensively on how the FAIR model complements the NIST CSF (see his blog post series NIST CSF and FAIR). The CSF is a set of best cyber-defense practices adopted by about one-third of big companies, and FAIR is the leading international standard for cyber risk quantification – analyzing risk in financial terms. Thirty percent of the Fortune 100 companies already use FAIR. 

As Jack writes in the blog series, because “checklist frameworks don’t assist in actually measuring risk, organizations are left to their own devices to evaluate whether compliance is sufficient. This is where FAIR comes in.

“FAIR is an analytic model that enables an organization to evaluate and measure the significance of gaps or the sufficiency of compliance so that it can make well-informed choices about where to apply its limited resources.”

Cyber risk quantification has been gaining endorsements this year: Gartner, the influential tech research firm, called it a must-have for integrated risk management. New regulations from the Securities & Exchange Commission and the New York Department of Finance point organizations towards disclosure of cyber risk in financial terms. And membership in the FAIR Institute has gone well past 3,000.

Hear Jack speak at the NIST CSF conference, November 7-9, the Harborplace Hotel, Baltimore: Register here.

Topics: FAIR, Events

Written by Jeff B. Copeland

Jeff is the Content Marketing Manager for RiskLens.
