In Part 1 of this series, I discussed that the market for cyber risk quantification (particularly automated CRQ) is growing rapidly, but that automation, done poorly, can to more harm than good. In this post, I’ll begin to discuss what it takes to automate CRQ responsibly.
Jack Jones: Automating Cyber Risk Quantification (Part 2 of 5)
[fa icon="calendar'] Apr 18, 2022 12:05:26 PM / by Jack Jones posted in Jack Jones, Jack Jones on Automating CRQ
Member Survey Results: High Interest in FAIR-CAM, High Concern on Ransomware
[fa icon="calendar'] Apr 13, 2022 11:36:47 AM / by Luke Bader posted in FAIR Institute
Thanks to all the FAIR Institute members who responded to our recent short survey letting us know how we can best serve you in 2022
Jack Jones: Automating Cyber Risk Quantification (Part 1 of 5)
[fa icon="calendar'] Apr 12, 2022 7:45:00 AM / by Jack Jones posted in Jack Jones, Jack Jones on Automating CRQ
Until recently, it’s mostly been organizations with visionary and early adopter tendencies who have embraced cyber risk quantification (CRQ). They understood the value and were willing to deal with the challenges.
Meet a Member Podcast: Cedric De Carvalho of Richemont on Introducing FAIR to 26 Lines of Business
[fa icon="calendar'] Apr 11, 2022 6:18:09 PM / by Luke Bader posted in Meet a Member
Richemont is the parent to 26 luxury brands, all famous names in jewelry, watches, clothing, and accessories, each managed as a separate “Maison.” “When we wanted to compare risk within a business or across businesses, it was complicated”
7 Bits of Advice on Scaling FAIR Risk Management to the Enterprise Level
[fa icon="calendar'] Apr 7, 2022 7:22:00 AM / by Jeff B. Copeland posted in Guides & Tips
We’re hearing increasingly that organizations successful at managing cyber risk in financial terms with Factor Analysis of Information Risk (FAIR™) are now looking to enterprise risk management as the next frontier for quantitative risk management.
Analyzing Privacy Risk Using FAIR
[fa icon="calendar'] Apr 5, 2022 6:08:00 PM / by R. Jason Cronk posted in Risk Management, Member Content
When I saw Jack Jones present on FAIR™ at an IANS Research Forum several years ago, it was like a light bulb went off in my head. I immediately ordered the FAIR book
Register Now for the 2022 FAIR Conference
[fa icon="calendar'] Mar 31, 2022 6:47:21 AM / by Luke Bader posted in FAIR Conference 2022
Registration is open for the FAIR Institute’s 2022 FAIR Conference (FAIRCON22), September 27-28, with optional training courses pre-FAIRCON22. We are excited to be hosting FAIRCON22 back in person at the Mandarin Oriental Hotel in Washington, DC
Insights from Dropbox on Building a Quantitative Cyber Risk Management Program
[fa icon="calendar'] Mar 30, 2022 4:52:48 PM / by Jeff B. Copeland posted in FAIR Conference 2022
Dropbox is taking a methodical and thoughtful approach to implement its FAIR quantitative risk management program, led by cyber risk manager Tyler Britton
RiskLens Debuts Self-Service Cyber Risk Quantification Tool at 2022 FAIR Conference Series
[fa icon="calendar'] Mar 29, 2022 10:20:26 AM / by Jeff B. Copeland posted in FAIR Conference 2022
“Cyber risk quantification for all” is the promise of the new My Cyber Risk Benchmark tool introduced at the first quarterly event in the 2022 FAIR Conference series by RiskLens, the FAIR Institute’s technical adviser.
What’s the Risk Reduction Effect of NIST CSF Maturity Scores? Jack Jones and the FAIR-CAM Team Are Working on It
[fa icon="calendar'] Mar 21, 2022 2:21:31 PM / by Jeff B. Copeland posted in FAIR-CAM
Since Jack Jones introduced the FAIR Controls Analytics Model (FAIR-CAM™) at the 2021 FAIR Conference, “I get asked all the time, ‘Can we take our NIST CSF scores and plug them into FAIR-CAM and measure controls efficacy and risk reduction value?’”