Originally published in April, 2019, this summary matrix has now been updated to include the integration of FAIR into the NIST Cybersecurity Framework. NIST has now listed FAIR as an Informative Reference for risk management and risk assessment in the framework. Learn more in this blog post: NIST Maps FAIR to the CSF: Big Step Forward in Acceptance of Cyber Risk Quantification.
Today marks a milestone in FAIR history as NIST has formally published FAIR as an Informative Reference to the NIST CSF, the most widely used cybersecurity framework in the U.S. This means that there is a mapping between FAIR and the NIST CSF standard in the sections covering risk analysis and risk management.
FAIR Institute President Nick Sanna was among the featured speakers last week at the first annual Cyber Day on the Hill, an event organized to educate Congressional staff members on cutting-edge thinking in cybersecurity, both on the national policy level and for protecting their own offices from attack.
Whether you’ve just been introduced to FAIR, recently completed RiskLens’ FAIR training, or learned about FAIR through self-study, pursuing the Open FAIR Certification is a worthwhile goal. As more large companies and regulatory bodies accept FAIR as a leading methodology for quantitatively analyzing risk, the Open FAIR Certification is becoming increasingly valuable.
Using the FAIR model, forward-thinking CISOs are applying quantitative financial analysis of cyber risk to the recommendations generated by the NIST Cybersecurity Framework. FAIR analysis shows how to prioritize among the recommended best practices in the CSF to maximize investment
The FAIR Institute, in partnership with RiskLens, RSA, RiskRecon, CyberVista, and Protiviti, is launching the 2019 Risk Management Maturity Survey, an opportunity for cyber and information risk professionals to rate their risk management practices and benchmark their organizations against their peers.
"Expert judgment has always played a large role in science and engineering. Increasingly, expert judgment is recognized as just another type of scientific data …" -Goossens et al., “Application and Evaluation of an Expert Judgment Elicitation Procedure for Correlations”
Attendees at the FAIR Institute Breakfast during the recent Gartner Summit on Security and Risk Management heard tales of three successful FAIR cyber risk quantification programs from Matthew Martin of LPL Financial, Robert Immella of Key Bank and, lastly, Musso Shaikh, Program Manager, Cyber Threat Intelligence, at Fannie Mae, the big provider of mortgage financing.
To support the rapid pace of growth in new membership to the FAIR Institute - now at 6,000 members strong and anticipated to surpass 7,000 by year end - the FAIR Institute is growing its support capability and focus on enablement programs for all of its members worldwide.
New York Times reporters Stacy Cowley and Nicole Perlroth turned to FAIR Institute Chairman and RiskLens Chief Risk Scientist Jack Jones to answer the question, why are big banks in an Endless Fight with Hackers, as their article on the massive Capital One breach asks.