FAIR Institute Blog

Thanks for Recommending Cyber Risk Quantification, Wall St. Journal. Now Let Us Introduce You to FAIR

[fa icon="calendar'] Sep 16, 2020 4:48:59 PM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

A recent article from the Wall St. Journal “Cyber Chiefs Calculate Data Breach Costs to Explain Risks to Executives” (subscription required to read) is a welcome endorsement of cyber risk quantification from the influential business publication. 

Read More [fa icon="long-arrow-right"]

FAIR Institute Orientation Webinar: Start Your Journey to Quantitative Cyber Risk Management Here

[fa icon="calendar'] Sep 8, 2020 12:00:36 PM / by Jeff B. Copeland posted in FAIR, FAIR Training

[fa icon="comment"] 0 Comments

In under 15 minutes, watch this webinar and learn about the FAIR™ model, the open-source standard for cyber and operational risk quantification, and the FAIR Institute, the international community that’s leading the risk management profession toward business-aligned and cost-effective risk management. 

Read More [fa icon="long-arrow-right"]

5 Key Ways FAIR Changes Cybersecurity Paradigms

[fa icon="calendar'] Jul 23, 2020 10:56:09 AM / by Tyler Britton posted in FAIR

[fa icon="comment"] 0 Comments

Generally speaking, the major challenge organizations have with adopting FAIR™ is changing to a new way of managing risk. And make no mistake, FAIR will require a different way of thinking about risk and a different way of performing risk management.

Read More [fa icon="long-arrow-right"]

Starting Off on the Right Foot: How to Clearly Define a Risk Scenario Statement for FAIR Analysis

[fa icon="calendar'] Jun 23, 2020 2:41:33 PM / by Tim Wynkoop posted in FAIR

[fa icon="comment"] 0 Comments

Whether it is difficulty with data gathering, calibrating estimates, or presenting results, problems that come up in FAIR analysis tend to stem from the same source: a lack of a clearly defined risk scenario statement.

Read More [fa icon="long-arrow-right"]

Why Rationale Is Crucial in Cyber Risk Quantification

[fa icon="calendar'] Jun 17, 2020 12:04:00 PM / by Christina Dulovich posted in FAIR

[fa icon="comment"] 0 Comments

The foundation of any good risk analysis is the rationale -- the documentation of the thought process driving the ranges you selected for analysis with the FAIR model.

Read More [fa icon="long-arrow-right"]

Microsoft Promotes FAIR™ Analysis for Cloud Security Risk

[fa icon="calendar'] Jun 16, 2020 7:36:00 AM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

Microsoft Learn, the software giant’s educational site for developers, architects and IT administrators, now highlights FAIR™ (Factor Analysis of Information Risk) in its tutorials on cloud security.

Read More [fa icon="long-arrow-right"]

FAIR Institute Summer Book Club Part 2 – Reading the FAIR Book Together

[fa icon="calendar'] Jun 10, 2020 10:44:20 AM / by Rebecca Merritt posted in FAIR, FAIR Summer Book Club 2020

[fa icon="comment"] 0 Comments

All summer, we are reading and discussing the FAIR™ book, Measuring and Managing Information Risk by Jack Freund and Jack Jones, the authoritative text on quantitative cyber risk analysis and risk management, with a new discussion guide every two weeks to help FAIR summer book clubs spark conversation.  

Read More [fa icon="long-arrow-right"]

NASA’s Risk Management Handbook Shares the Spirit of FAIR™ and Quantitative Risk Analysis

[fa icon="calendar'] Jun 4, 2020 7:30:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

With the first flight of an American spacecraft carrying NASA astronauts launched from US soil since 2011, a FAIR Institute Member sent us a note pointing out that the NASA Risk Management Handbook shares a lot of the spirit of FAIR™.  

Read More [fa icon="long-arrow-right"]

You DO Have Enough Data for a Quantitative Risk Analysis

[fa icon="calendar'] Jun 3, 2020 3:47:25 PM / by Sara Dominick posted in FAIR

[fa icon="comment"] 0 Comments

It’s a common misconception about quantitative risk analysis that not “enough” data or“bad” data means bad calibration. That’s not true in a couple of ways. First, one always has “enough” data to conduct an analysis and second, with calibrated estimation, we’re not dependent on the amount of data we bring to the table.  

Read More [fa icon="long-arrow-right"]

How FAIR™ Can Help the US Federal Government Better Prioritize and Right-Size Its Cybersecurity Investments

[fa icon="calendar'] May 15, 2020 7:45:00 AM / by Nicola (Nick) Sanna posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

>>DHS/OMB mean well in pushing for a risk-based approach to cybersecurity in the Federal Government, but their requirements fall short of helping agencies effectively prioritize and right-size their cybersecurity investments

Read More [fa icon="long-arrow-right"]
LEARN MORE