Judging by the most popular new blog posts published in 2021, FAIR Institute members are interested in the frontiers of thought on risk but also the day-to-day techniques and habits for steady improvement of risk analysis and management. Here are the eight biggest attention-getters:
#1 At FAIRCON21, Jack Jones Introduces the FAIR Controls Analytics Model (FAIR-CAM™), the Standard for Measuring the Effectiveness of Cybersecurity Controls
No surprise that the leader was this post and related ones covering the big event of the year in FAIR-world, the new controls analytics model from FAIR Institute Chair Jack Jones that will begin to redefine cyber risk management in many ways, starting in 2022.
Collectively, the dozens of blog posts and conference session videos on the LINK members site drew a very large audience to soak up a torrent of information from the most experienced FAIR practitioners and thought leaders. After the #1 Jack Jones/FAIR-CAM post, this one drew the most attention: Reporting to the Board on Cyber Risk: 2 Charts to Tell Your Story.
#3 Watch Out for these 5 ‘Cyber Risk Quantification’ Methods. They Don’t Support Cost-Effective Risk Management
This post introduced Understanding Cyber Risk: A Buyer’s Guide, the comprehensive e-book by Jack Jones, covering the landscape of cyber risk analysis methods and processes.
#4 New ISACA White Paper Advises CISOs to Report Cyber Risk to the Board with FAIR
2021 was another year of growing recognition of FAIR as the standard for quantitative analysis of cyber and technology risk. Here’s another example from the year: IBM’s 'Cost of a Data Breach Report 2021' Recommends FAIR Risk Quantification
#5 Video: How to Turn Your Risk Register Items into Risk Scenarios You Can Quantify with FAIR
Giving new meaning and purpose to a GRC is a popular use case for FAIR and this video clearly and succinctly shows how to get that process rolling.
#6 FAIR Beginner's Guide: What Do the Numbers Mean?
FAIR education topics are the single most popular type of blog post on the FAIR Institute website. This beginner guide was the best read of the new ones in 2021, with this one in second place: FAIR Terminology 101 – Risk, Threat Event Frequency and Vulnerability
#7 Calculating Your Company’s Total Cybersecurity Risk Exposure (Part 1)
We welcome blog posts written by FAIR Institute members and we were fortunate to receive many in 2021, including this most popular in the category, by Gideon Knocke. The runner-up came from Tony Martin-Vegue: Modeling the Vulnerability du Jour.
#8 Jack Jones: The First 2 Moves Every New CISO Should Make
Obviously, when Jack speaks, CISOs listen.