Hat tip to the members of the FAIR Institute who have done so much to develop FAIR™ as the standard for quantitative cyber risk analysis – and a special recognition medal to the team of volunteers who mapped the new FAIR-CAM controls analytics model
Mapping FAIR-CAM to Cybersecurity Frameworks: ‘Compliance Is Going to Radically Change’
[fa icon="calendar'] Nov 23, 2022 3:17:56 PM / by Jeff B. Copeland posted in FAIR-CAM, FAIR Conference 2022
FAIRCON22 Video: Jack Jones Explains FAIR Controls Analytics, RiskLens Previews the FAIR-CAM Tool for Quantitative Risk Analysis Automation
[fa icon="calendar'] Nov 3, 2022 9:48:34 AM / by Jeff B. Copeland posted in Jack Jones, FAIR-CAM, FAIR Conference 2022
Cyber risk analysis must scale to meet the rising challenges of cybersecurity, and automation of quantitative analysis will get us there.
Automation Is the Future of Cyber Risk Quantification. Get a First Look, Attend the 2022 FAIR Conference
[fa icon="calendar'] Sep 21, 2022 10:20:51 AM / by Jeff B. Copeland posted in FAIR-CAM, FAIR Conference 2022
Automating quantitative cyber risk analysis – pulling together updated controls telemetry, threat intel, asset data, audits information and more to produce always-on analytics
FAIR Institute Message to NIST Proposes Enhancing the NIST CSF with Quantitative Controls Analysis (FAIR-CAM)
[fa icon="calendar'] Aug 17, 2022 9:18:33 AM / by Luke Bader posted in FAIR-CAM
Contributing to the National Institute of Standards and Technology (NIST) effort to update the Cybersecurity Framework (NIST CSF), the FAIR Institute sent a proposal to help align the framework with the FAIR Controls Analytics Model (FAIR-CAM™)
3 New Ways to Think about Cybersecurity Controls
[fa icon="calendar'] Jun 15, 2022 11:46:43 AM / by Jeff B. Copeland posted in FAIR-CAM
Jack Jones introduced FAIR-CAM™, the FAIR Controls Analytics Model, to challenge the cybersecurity profession to move beyond its reflexive focus on cybersecurity controls lists
Jack Jones Speaks at RSAC 2022 on AI, Automation, the Future of Risk Measurement and What It Will Take to Get There
[fa icon="calendar'] Jun 9, 2022 9:40:50 AM / by Jeff B. Copeland posted in Jack Jones, FAIR-CAM
FAIR standard creator Jack Jones spoke this week at the 2022 RSA Conference with the message that the future of risk measurement and management is (drum roll) artificial intelligence and automation. You might have heard the same in vendor booths on the show floor, but not like Jack told it: The industry won’t get there without a major shift left
What’s the Risk Reduction Effect of NIST CSF Maturity Scores? Jack Jones and the FAIR-CAM Team Are Working on It
[fa icon="calendar'] Mar 21, 2022 2:21:31 PM / by Jeff B. Copeland posted in FAIR-CAM
Since Jack Jones introduced the FAIR Controls Analytics Model (FAIR-CAM™) at the 2021 FAIR Conference, “I get asked all the time, ‘Can we take our NIST CSF scores and plug them into FAIR-CAM and measure controls efficacy and risk reduction value?’”
A Solution for Measuring Inherent Risk
[fa icon="calendar'] Feb 22, 2022 2:32:43 PM / by Jack Jones posted in Risk Management, FAIR-CAM
If you search the FAIR Institute blog, you will find several posts about Inherent Risk, each highlighting fundamental problems with the standard definition for Inherent Risk and offering insights and advice regarding how to better define and use it. To save you the trouble of finding and reading old posts, I’ll boil them down:
Study Finds Employees Will Violate Security Policy to Get Their Work Done – FAIR-CAM Helps to Solve the Problem
[fa icon="calendar'] Jan 31, 2022 7:15:00 AM / by Jack Jones posted in FAIR-CAM
A study sponsored by the National Science Foundation and reported in the Harvard Business Review, Research: Why Employees Violate Cybersecurity Policies, identified a wide disconnect between the demands of cybersecurity and the reality of day-to-day work for employees – one of the key gaps that the new FAIR Controls Analytics Model™ (FAIR-CAM™) is intended to help close.
How Cyber Risk Management Is Like Buying a Bike for Your Daughter – Understanding the FAIR Controls Analytics Model (FAIR-CAM)
[fa icon="calendar'] Jan 12, 2022 2:04:27 PM / by Jack Jones posted in Jack Jones, FAIR-CAM
In writing the FAIR-CAM™ white paper, I took a short detour from the complex landscape of cybersecurity to explain the new FAIR Controls Analytics Model™ with an analogy that almost anyone can relate to.