As the FAIR model and risk quantification brings cyber risk management in line with the rest of enterprise risk management, the roles of CISO and CRO also pull closer together. A panel discussion at the recent 2018 FAIR Conference showed a cooperative CISO/CRO relationship in action
At the recent 2018 FAIR Conference, James Lam, the enterprise risk management and corporate governance authority and chairman of the risk committee for the E*TRADE board of directors, gave a master class
Star Trek movie fans will likely recognize “Kobayashi Maru” as a reference to the training exercise used by Star Fleet to evaluate how cadets respond to a no-win scenario.
Greetings FAIR Instituters! I’m glad to be able to give you a summary of research that many of you participated in a few months ago. Before I do that, though, we need to rewind a bit further back in time.
Jack Jones, FAIR Institute chairman and creator of Factor Analysis of Information Risk, gave a remarkable keynote address to the 2018 FAIR Conference at Carnegie Mellon University in Pittsburgh that was both an unsparing look at the limitations of the risk profession and a prescription for how to break through to The Next Frontier in Risk Management
You will hear some in the profession refer to “upside risk” and “downside risk”, or “positive risk” and “negative risk.” This can be confusing for the vast majority of people who think of risk solely in terms of loss from adverse events
Risk is inherent in business. By operating in the market place, offering products or services to the public, processing transactions or storing data, companies large and small face risk, and increasingly that’s cyber risk. The question is, how do these companies decide whether to accept or respond to risks?
A very positive review of FAIR from The Wall Street Journal’s WSJ Pro Cybersecurity Cyber Daily newsletter (subscription required) in a recent article profiling Charles Schwab’s implementation of a FAIR program: “Companies are moving to deploy methods to calculate the financial impact of cyber threats.
Last week at the third annual FAIR Conference, I was able meet and talk with many members to hear about their work and excitement with FAIR. I’m happy to share some top moments and photos here and the full album of photos in the Photo Gallery on our member community, LINK.
The FAIR Institute is excited to announce a new local chapter, created specifically for members of the Federal Government. The chapter kicks off with a breakfast discussion November 15 in Washington on the topic "Assessing Cyber Risk in Federal Government". Register now.