FAIR Institute Blog

FAIR Risk Basics: What Is Loss Magnitude?

[fa icon="calendar'] Apr 15, 2021 4:11:25 PM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 5 Comments

Factor Analysis of Information Risk (FAIR™) defines “risk” in a way that’s both simple and useful.  

Risk = the probable frequency and probable magnitude of future loss

Read More [fa icon="long-arrow-right"]

Create a Forward-Looking Risk Register - Part 2 of Tony Martin-Vegue's 'Modeling the Vulnerability du Jour'

[fa icon="calendar'] Apr 14, 2021 12:53:20 PM / by Tony Martin-Vegue posted in Risk Management, Member Content

[fa icon="comment"] 0 Comments

Strange, unusual, media-worthy vulnerabilities and cyberattacks… they seem to pop up every few months or so and send us risk managers into a fire drill. The inevitable questions follow:

Read More [fa icon="long-arrow-right"]

White House Will Nominate Chris Inglis, Former NSA Deputy Director and FAIR Conference Speaker, to Be National Cyber Director

[fa icon="calendar'] Apr 13, 2021 11:25:21 AM / by Jeff B. Copeland posted in Government, Recognition for FAIR

[fa icon="comment"] 0 Comments

Pres. Biden announced his intention to nominate Chris Inglis for the new National Cyber Director role, coordinating cybersecurity across civilian agencies.

Read More [fa icon="long-arrow-right"]

Lawfare Blog Post on Enterprise Cybersecurity Measurement Makes the Case for Integrating FAIR in a 'Modular' Defense

[fa icon="calendar'] Apr 8, 2021 8:32:28 AM / by FAIR Institute Staff posted in Risk Management

[fa icon="comment"] 0 Comments

With permission, we are re-publishing this post from Lawfare, the influential blog that covers the intersection between law and national security.

Read More [fa icon="long-arrow-right"]

Jack Jones: State ‘Safe Harbor’ Laws Should Promote Effective Cyber Risk Management, Not Just Compliance with Frameworks

[fa icon="calendar'] Apr 7, 2021 12:43:04 PM / by Jack Jones posted in Jack Jones

[fa icon="comment"] 2 Comments

State legislatures in Nevada, Ohio, Utah and Connecticut have passed or are in the process of passing “safe harbor” protection against negligence lawsuits for companies hit with a data breach – if the companies implement controls from a recognized cybersecurity framework.

Read More [fa icon="long-arrow-right"]

New FAIR Institute Member Tiers to Support a Growing Membership Base

[fa icon="calendar'] Apr 5, 2021 9:40:00 AM / by Luke Bader

[fa icon="comment"] 0 Comments

As the global community of quantitative risk management professionals continues to grow, we at the FAIR Institute are eager to grow with it.

Read More [fa icon="long-arrow-right"]

Download a 4-Point Primer on FAIR to Share with Your Organization

[fa icon="calendar'] Mar 31, 2021 10:29:00 AM / by Luke Bader posted in FAIR

[fa icon="comment"] 0 Comments

FAIR Evangelists - Here's a short handy, persuasive explainer about the FAIR™ standard for cyber risk quantification that you can download in pdf form, suitable as a leave-behind after meeting with a small group or for circulating throughout your organization. 

Read More [fa icon="long-arrow-right"]

“Un-FAIR” Attestations: Applying FAIR to Third-Party Risk Management

[fa icon="calendar'] Mar 31, 2021 8:07:00 AM / by Donna Gallaher posted in Member Content

[fa icon="comment"] 0 Comments

The recent SolarWinds and Microsoft security issues remind us of the importance of Third-Party Risk Management (“TPRM”).  If your organization is using a one-scorecard-fits-all approach to TPRM, you may be wasting resources

Read More [fa icon="long-arrow-right"]

Meltdown, Spectre, Heartbleed - Risk Modeling the Vulnerability du Jour, Part 1: Framing

[fa icon="calendar'] Mar 30, 2021 2:23:57 PM / by Tony Martin-Vegue posted in Member Content

[fa icon="comment"] 0 Comments

Every few months or so, we hear about a widespread vulnerability or cyber attack that makes its way to mainstream news. Some get snappy nicknames and their very own logos

Read More [fa icon="long-arrow-right"]

Meet a Member: Mary Faulkner, CISO at Thrivent, with Tips on Building Support in the Business for FAIR [Video]

[fa icon="calendar'] Mar 25, 2021 6:58:17 AM / by Luke Bader posted in Meet a Member

[fa icon="comment"] 0 Comments

Mary Faulkner got her education on Factor Analysis of Information Risk (FAIR™) straight from the source, as a co-worker with FAIR creator Jack Jones when he was CISO at Nationwide Insurance in the early 2000s.

Read More [fa icon="long-arrow-right"]
LEARN MORE