RSA Conference 2024 Was “Nonstop” FAIR Education

The FAIR Institute ran an intense schedule at the recent RSAC24 Conference in San Francisco, with a nonstop, all-day flow of people at our booth, a packed evening event and an introductory seminar led by FAIR creator Jack Jones and Bernie Dunn. 

We came away with one big impression from the major event of the year in cybersecurity and cyber risk management: There’s really no pushback on cyber risk quantification anymore. People understand the value, want to learn more and are eager to implement a FAIR program. 

Bernadette “Bernie” Dunn (left) is Head of Education and Luke Bader (right) is Director, Membership and Programs at the FAIR Institute

At the FAIR Institute Booth

The overall theme from our booth visitors was: help! We handed out all our materials, including Jack’s FAIR book. Visitors fell into some general categories: 

  1. Had done some preliminary research on FAIR on their own and were ready to go to the next level. We referred them to the FAIR Analysis Fundamentals course, available online or as a hybrid version with an instructor, for an introduction to FAIR concepts and techniques.
  2. Looking for a deep dive into FAIR with a view to understanding the methodology well enough to do it themselves. We could recommend the FAIR book, Measuring and Managing Information Risk.
  3. Investigating FAIR for their CISO, CRO or other decision-maker. We suggested an Executive Briefing by the Institute (contact us for the details).
  4. Sold on FAIR, wanting to know how to build it into an existing cyber risk management program. The 2024 FAIR Conference will deliver a four-hour training session on just that topic. We could also refer visitors to our technical advisor and partners for consulting services on building a CRQ program.

FAIR Institute Evening Event with IHG Hotels & Resorts

Our evening event at a wine bar drew a strong turnout of show attendees, most of them new to FAIR and eager to hear from peers on implementing CRQ. David Jordan, SVP & Chief Information Security Officer, and Michelle Griffith, VP, Security Governance, Risk & Compliance, at IHG, the international hotel chain, talked about their FAIR journey, especially the importance of training the risk management team on FAIR and picking your shots for risk analysis – “don’t boil the ocean,” as they said. Read more: IHG Hotels Shares Its Story of Scaling FAIR.   

FAIR Seminar at RSA Conference 2024 

Jack and Bernie presented “Mastering Cybersecurity Risk with FAIR: An Introduction and Case Study,” a four-hour seminar that introduced FAIR risk quantification basics but also ranged into discussion of automating FAIR analysis with the help of the FAIR Controls Assessment Model (FAIR-CAM). As Jack writes, “If we don’t understand and account for the mechanisms by which controls affect risk, then the analytic results won’t be accurate” and automation won’t be reliable. 

More Impressions of RSAC24…

AI was by far the dominant theme of the sessions at this year’s conference – so much that we picked up on some AI brain fatigue from our booth visitors. We could refer them to the FAIR Artificial Intelligence Framework for some clarity on AI – and let them know that we will take a deeper dive at the 2024 FAIR Conference.

Our technical sponsor Safe Security created some conference buzz around third-party risk management with the introduction of a TPRM solution that leverages FAIR, FAIR-CAM, other frameworks from the FAIR family as well as other open-source standards. Learn about our FAIR Third Party Assessment Model (FAIR-TAM).

Thanks to all for visiting our booth and attending our events at the 2024 RSA Conference – and for all the interest you showed in FAIR! We hope to see you all again at FAIRCON24 (early bird pricing ends May 31!)
