Member Survey Results: High Interest in FAIR-CAM, High Concern on Ransomware
Thanks to all the FAIR Institute members who responded to our recent short survey letting us know how we can best serve you in 2022 with educational and community-building efforts. Our questions covered two main topics: the risk categories of concern to you this year and the areas of FAIR™ expertise you’d like to develop.
The FAIR Controls Analytics Model (FAIR-CAM™), introduced by FAIR creator Jack Jones at the 2021 FAIR Conference, led the list of knowledge or skills that members most wanted to acquire in 2022. The breakthrough model enables quantitative analysis of the effectiveness of cybersecurity controls and controls systems. Learn more about FAIR-CAM.
FAIR Institute Member Survey Results
Question: “Please rank the areas in which you would like to learn or sharpen FAIR-related skills in 2022”
Asked for other skills on their wish list, respondents mentioned these and more:
“Handling risk in IOT and edge computing”
“Sources of reference data, especially those that are publicly available”
“Applying machine learning to risk analysis”
“Measuring success in remediating risk and what that does to subsequent risk analysis”
“Implementing FAIR on an enterprise scale”
“Bridge the gap between traditional Qualitative Analysis and FAIR. Outcomes of the FAIR process are great. But I need on a budget QUALITATIVE SPEED”
Question: “Please rank these risk categories in order of most concern for 2022”
Respondents also offered a long list of other risk categories, indicative of the scope of cyber and technology risk management jobs these days, including:
“Product cybersecurity defect management”
“Complexity of applications/system”
“Web 3 risks & impact”
“Human Firewall failures (i.e., due to staff burn outs)”
“Non-transparent cloud offerings. How is it possible to keep an overview of all data flow lines? My experience tells me, it's nearly impossible to keep control”
Composition of the Survey Group
Our survey respondent group self-identified as about half FAIR beginners and half FAIR-trained, FAIR-certified, or expert levels.
Seventy percent identified their primary job role as Risk Analysis, followed in rank order by Audit, CISO/CRO/CIO, Cybersecurity First Line of Defense and “Other” including a wide range of roles, such as GRC Consultant, Anti Money Laundering, Enterprise Architect and more.
Thanks again to survey respondents and here’s our pledge: We’ll serve the information needs you have identified, through blog posts, the FAIR Conference, local chapter meetings and our discussion boards. Please keep the suggestions coming!
Director, Membership and Programs