FAIR Institute Blog

Be a Master Chef of Cyber Risk: Whip Up an Analysis from a Few Ingredients

[fa icon="calendar'] Feb 21, 2019 11:45:00 AM / by Chad Weinman posted in FAIR

[fa icon="comment"] 0 Comments

"Cooking is like painting or writing a song. Just as there are only so many notes or colors, there are only so many flavors - it's how you combine them that sets you apart." - Wolfgang Puck

I like this quote as I think it actually can draw comparisons to talented risk analysts.

Read More [fa icon="long-arrow-right"]

Jack Jones: How Much Risk Does that Risk Represent?

[fa icon="calendar'] Feb 21, 2019 8:00:00 AM / by Jack Jones posted in Risk Management, FAIR

[fa icon="comment"] 2 Comments

Yesterday, while speaking to a university cybersecurity class, I was accused of being pedantic when I pointed out a problem with the phrase “The risk of that impact…”

Read More [fa icon="long-arrow-right"]

Security Exception vs. Risk Acceptance: What's the Difference?

[fa icon="calendar'] Feb 6, 2019 2:00:00 PM / by Jack Jones posted in FAIR, Risk Management

[fa icon="comment"] 3 Comments

FAIR model creator Jack Jones recently answered a FAIR Institute member's question about terminology that's one of those easily confused yet critical distinctions in cyber risk management: What's the difference between a security exception (or policy exception) and risk acceptance?

Read More [fa icon="long-arrow-right"]

Meet 3 FAIR Institute Members from Raytheon, Allstate and Pacific Northwest Laboratory [Video]

[fa icon="calendar'] Jan 28, 2019 8:30:00 AM / by Jeff B. Copeland posted in FAIR Conference 2018, FAIR

[fa icon="comment"] 0 Comments

What's the value of FAIR to risk professionals?  Why do they join the FAIR Institute?  We asked Institute members in attendance at the 2018 FAIR Conference for their thoughts on learning and implementing FAIR, on personal and organizational change and the FAIR movement. We'll be running video excerpts of our conversations over time. 
Read More [fa icon="long-arrow-right"]

Help Us Build a Better FAIR Institute Blog for You. Take This Short Survey

[fa icon="calendar'] Jan 23, 2019 8:30:00 AM / by Luke Bader posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

What would you like to see in the FAIR Institute blog that would most advance your knowledge, skills and awareness of FAIR and the fast-growing movement for critical thinking and quantification in risk analysis?

Read More [fa icon="long-arrow-right"]

Risk Measurement vs. Risk Blarney in Cyber Analytics

[fa icon="calendar'] Jan 22, 2019 10:04:49 AM / by Teresa Suarez posted in FAIR

[fa icon="comment"] 0 Comments

A large population of risk professionals are truly gifted. Gifted with the gift of gab, that is. This is because they haven't had any other choice until recently.

Read More [fa icon="long-arrow-right"]

3 Key Metrics in Cyber Risk Analytics

[fa icon="calendar'] Jan 15, 2019 11:50:47 AM / by Tim Wynkoop posted in FAIR

[fa icon="comment"] 0 Comments

I have had the privilege or the curse of working with metrics--depending on which side of the fence you are on--through the course of my career.  I have tended to lean towards the latter. 

Read More [fa icon="long-arrow-right"]

Analyzing Privacy Risk Using FAIR

[fa icon="calendar'] Jan 14, 2019 10:15:21 AM / by R. Jason Cronk posted in Risk Management, FAIR

[fa icon="comment"] 1 Comment

When I saw Jack Jones present on FAIR at an IANS Research Forum several years ago, it was like a light bulb went off in my head. I immediately ordered the FAIR book and began a cover-to-cover reading, twice. I had been unsatisfied with existing methods to assess privacy risks and I was excited to apply my new-found knowledge of FAIR to privacy.

Read More [fa icon="long-arrow-right"]

How a CISO Uses FAIR with NIST CSF to Manage Cyber Risk Across Business Units

[fa icon="calendar'] Jan 3, 2019 9:21:32 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 1 Comment

In an article for Forbes Technology Council, Two Frameworks For Securing A Decentralized Enterprise, Ian Amit, Chief Security Officer at Cimpress (parent company of Vistaprint), tells how he combines the NIST CSF and the FAIR model to handle a challenging situation

Read More [fa icon="long-arrow-right"]

SEC Cyber Risk Disclosure Guidance, KRIs for Cybersecurity, Risk Trends for Boards – Most Popular FAIR Institute Blog Posts of 2018

[fa icon="calendar'] Dec 27, 2018 8:30:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

The Securities and Exchange Commission, the European Union and the International Monetary Fund all pointed cyber risk managers toward cyber risk quantification in 2018

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts