FAIR Institute Blog

3 New Ways to Think about Cybersecurity Controls

[fa icon="calendar'] Jun 15, 2022 11:46:43 AM / by Jeff B. Copeland posted in FAIR-CAM

[fa icon="comment"] 0 Comments

Jack Jones introduced FAIR-CAM™, the FAIR Controls Analytics Model, to challenge the cybersecurity profession to move beyond its reflexive focus on cybersecurity controls lists

Read More [fa icon="long-arrow-right"]

Jack Jones Speaks at RSAC 2022 on AI, Automation, the Future of Risk Measurement and What It Will Take to Get There

[fa icon="calendar'] Jun 9, 2022 9:40:50 AM / by Jeff B. Copeland posted in Jack Jones, FAIR-CAM

[fa icon="comment"] 0 Comments

FAIR standard creator Jack Jones spoke this week at the 2022 RSA Conference with the message that the future of risk measurement and management is (drum roll) artificial intelligence and automation. You might have heard the same in vendor booths on the show floor, but not like Jack told it: The industry won’t get there without a major shift left

Read More [fa icon="long-arrow-right"]

What’s the Risk Reduction Effect of NIST CSF Maturity Scores? Jack Jones and the FAIR-CAM Team Are Working on It

[fa icon="calendar'] Mar 21, 2022 2:21:31 PM / by Jeff B. Copeland posted in FAIR-CAM

[fa icon="comment"] 0 Comments

Since Jack Jones introduced the FAIR Controls Analytics Model (FAIR-CAM™) at the 2021 FAIR Conference, “I get asked all the time, ‘Can we take our NIST CSF scores and plug them into FAIR-CAM and measure controls efficacy and risk reduction value?’”

Read More [fa icon="long-arrow-right"]

A Solution for Measuring Inherent Risk

[fa icon="calendar'] Feb 22, 2022 2:32:43 PM / by Jack Jones posted in Risk Management, FAIR-CAM

[fa icon="comment"] 0 Comments

If you search the FAIR Institute blog, you will find several posts about Inherent Risk, each highlighting fundamental problems with the standard definition for Inherent Risk and offering insights and advice regarding how to better define and use it.  To save you the trouble of finding and reading old posts, I’ll boil them down:

Read More [fa icon="long-arrow-right"]

Study Finds Employees Will Violate Security Policy to Get Their Work Done – FAIR-CAM Helps to Solve the Problem

[fa icon="calendar'] Jan 31, 2022 7:15:00 AM / by Jack Jones posted in FAIR-CAM

[fa icon="comment"] 0 Comments

A study sponsored by the National Science Foundation and reported in the Harvard Business Review, Research: Why Employees Violate Cybersecurity Policies, identified a wide disconnect between the demands of cybersecurity and the reality of day-to-day work for employees – one of the key gaps that the new FAIR Controls Analytics Model™ (FAIR-CAM™) is intended to help close.  

Read More [fa icon="long-arrow-right"]

How Cyber Risk Management Is Like Buying a Bike for Your Daughter – Understanding the FAIR Controls Analytics Model (FAIR-CAM)

[fa icon="calendar'] Jan 12, 2022 2:04:27 PM / by Jack Jones posted in Jack Jones, FAIR-CAM

[fa icon="comment"] 0 Comments

In writing the FAIR-CAM™ white paper, I took a short detour from the complex landscape of cybersecurity to explain the new FAIR Controls Analytics Model™ with an analogy that almost anyone can relate to.

Read More [fa icon="long-arrow-right"]

Jack Jones: In 2022, the New FAIR Controls Analytics Model (FAIR-CAM) Begins to Redefine Risk Management Maturity

[fa icon="calendar'] Jan 4, 2022 7:00:00 AM / by Jack Jones posted in FAIR-CAM

[fa icon="comment"] 0 Comments

Introduced at the October, 2021, FAIR Conference, the FAIR Controls Analytics Model™ (FAIR-CAM™) will begin to have an impact in 2022. Although eventually it should benefit the risk management profession in many ways, both large and small, its effects are likely to be gradual as people and the industry as a whole begins to wrap their minds around its implications.  

Read More [fa icon="long-arrow-right"]

3 Things About Controls Your Cybersecurity Staff May Not Be Telling You

[fa icon="calendar'] Dec 7, 2021 8:49:25 AM / by Jeff B. Copeland posted in FAIR-CAM

[fa icon="comment"] 0 Comments

With all the time and money that infosec professionals invest in controls – implementing, patching, auditing, policy promulgation, etc. – you’d think they would be driving control stacks like finely-tuned machines.

Read More [fa icon="long-arrow-right"]

Use Case for FAIR-CAM: Rapid Policy Exception Management

[fa icon="calendar'] Nov 8, 2021 11:14:00 AM / by Jeff B. Copeland posted in FAIR Conference 2021, FAIR-CAM

[fa icon="comment"] 0 Comments

Jack Jones only recently introduced the FAIR Controls Analytics Model™ (FAIR-CAM™), but FAIR practitioners already are leveraging it to understand and improve controls environments and processes, as this session from the 2021 FAIR Conference demonstrated:

Read More [fa icon="long-arrow-right"]

At FAIRCON21, Jack Jones Introduces the FAIR Controls Analytics Model (FAIR-CAM™), the Standard for Measuring the Effectiveness of Cybersecurity Controls

[fa icon="calendar'] Oct 20, 2021 1:30:00 PM / by Jeff B. Copeland posted in Jack Jones, FAIR Conference 2021, FAIR-CAM

[fa icon="comment"] 1 Comment

Jack Jones, creator of Factor Analysis of Information Risk (FAIR™), the standard for quantitative analysis of cyber risk, introduced a new model, the FAIR Controls Analytics Model (FAIR-CAM™), for quantitative measurement of controls efficacy for risk reduction.

Read More [fa icon="long-arrow-right"]
LEARN MORE
Content not found

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts