This is a re-posting of Bill Murphy's Redzone Podcast
Today I had an interesting conversation with Jack Jones. This is Jack’s second time on the show and I loved our discussion. It is a gem of learning and is packed with information that you can use right away. Jack was one of the first CISOs in the United States and he is the inventor of the FAIR model for analyzing Information Security Risk. Jack’s bio is extensive and here is a short list of his accomplishments.
Jack Jones has worked in technology for over 30 years, and information security and risk management for 25 years. He has over nine years of experience as a CISO with three different companies, including five years at a Fortune 100 financial services company. He received the ISSA Excellence in the Field of Security Practices award at the 2006 RSA Conference. In 2007, he was selected as a finalist for the Information Security Executive of the Year, Central United States, and in 2012 was honored with the CSO Compass award for leadership in risk management. Jones is also the author and creator of the Factor Analysis of Information Risk (FAIR) framework. Currently, Jones serves on the ISC2 Ethics Committee, and is the Executive Vice President, Research and Development of Risk Lens, Inc.
Suffice it to say that Jack is a rock star in the Information Security and IT Security risk community!
6 Key Points
- Why top 10 lists for IT Security are useless
- How to add probability and possibility of events happening into your risk models
- How to present data that your board of directors will love
- How to develop range into your communication
- How to apply critical thinking, logic and Socratic methods to your analysis
- How to apply rigor in developing a defensible argument