The Securities and Exchange Commission’s new guidance on cybersecurity risk disclosure landed with a thud in board rooms, C-suites and infosecurity shops, particularly for its requirements on reporting ongoing cyber risks
The MIT Technology Review recently published an article about what they called “cyber threats.” While the article identifies trending attack methods and scenarios to be concerned about, none of the things that made the list are actually threats.
Join Jack Jones, creator of the FAIR model for risk analysis, for a webinar on Tuesday, April 3, at 2 PM ET on “New SEC Cyber Risk Disclosure Guidance: The FAIR Advantage”.
Reporting results from a risk analysis can seem like a daunting and cumbersome task. Even after a lot of work, key stakeholders may walk away without a good understanding of what the results truly mean.
A recurring question in the early stages of FAIR adoption is, “How do I get organizational buy-in for FAIR?” The short answer is: You communicate FAIR’s value proposition.
The FAIR Institute recently hosted a Virtual Panel Webinar on our FAIR University Curriculum. The webinar was held for interested professors and deans from academic institutions that are building information risk management courses based on FAIR.
The term “Black Swan event” has been part of the risk management lexicon since its coinage in 2007 by Nassim Taleb in his eponymous book titled The Black Swan: The Impact of the Highly Improbable.
Tips and insight from Jack Jones and Jack Freund, authors of the FAIR book...
The Securities and Exchange Commission’s new guidance on cyber risk disclosure has shaken up infosec teams, C-suiters and board members at public companies over the past two weeks.
I recently attended the SIRACon conference in Seattle, where I had the privilege to hear leaders from prestigious companies speak about their experience using quantitative analysis of cyber risks. One of the presentations that stood out related to sources of error and bias in survey results.
This last post in the series will focus on briefly summarizing and answering the thoughts/concerns posted by Martin Huddleston in his comments following Part 2. I felt this follow-up post was warranted because some readers seemed to misinterpret Martin’s comments as an indictment