In writing the FAIR-CAM™ white paper, I took a short detour from the complex landscape of cybersecurity to explain the new FAIR Controls Analytics Model™ with an analogy that almost anyone can relate to.
Introduced at the October, 2021, FAIR Conference, the FAIR Controls Analytics Model™ (FAIR-CAM™) will begin to have an impact in 2022. Although eventually it should benefit the risk management profession in many ways, both large and small, its effects are likely to be gradual as people and the industry as a whole begins to wrap their minds around its implications.
With all the time and money that infosec professionals invest in controls – implementing, patching, auditing, policy promulgation, etc. – you’d think they would be driving control stacks like finely-tuned machines.
Jack Jones only recently introduced the FAIR Controls Analytics Model™ (FAIR-CAM™), but FAIR practitioners already are leveraging it to understand and improve controls environments and processes, as this session from the 2021 FAIR Conference demonstrated:
Jack Jones, creator of Factor Analysis of Information Risk (FAIR™), the standard for quantitative analysis of cyber risk, introduced a new model, the FAIR Controls Analytics Model (FAIR-CAM™), for quantitative measurement of controls efficacy for risk reduction.
What’s the most valuable control for risk reduction in your cybersecurity stack? The least valuable? Your team probably has opinions, but no hard, quantitative data
Jack Jones, creator of Factor Analysis of Information Risk (FAIR™), the international standard for quantification of cyber risk, gave an RSAC21 audience a preview of his breakthrough FAIR Controls Analytics Model (FAIR-CAM) that will, for the first time, enable security teams to reliably evaluate how controls affect risk in quantitative terms.
We are very excited to be partnering once again with the annual RSA Conference (RSAC21) to host multiple FAIR Institute-led events and sessions over the course of the conference in May.