FAIR Institute Blog

RSA CTO: “People Are Beginning to Think about Security in Risk Terms”

[fa icon="calendar'] May 9, 2018 9:27:46 AM / by Nicola (Nick) Sanna posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

In a video interview just out on eWeek, titled “RSA Taking a FAIR Approach to Defining Cyber-Risk”, RSA Chief Technology Officer Zulfikar Ramzan discusses what he calls the “exciting” new direction for RSA Archer: “cyber risk economics and cyber risk quantification.

Read More [fa icon="long-arrow-right"]

FAIR Institute’s New Cyber Risk Analyst Job Board on Link

[fa icon="calendar'] May 8, 2018 8:30:00 AM / by Luke Bader posted in FAIR, FAIR University

[fa icon="comment"] 0 Comments

With more and more companies building their cyber risk management programs on FAIR, hiring a certified FAIR analyst can get competitive. The FAIR Institute is excited to launch the our Job Board to connect employers with Institute members who are FAIR-certified analysts looking for their next career move.

Read More [fa icon="long-arrow-right"]

Cyber Risk Is New but FAIR Analysis Applies Time-tested Techniques

[fa icon="calendar'] May 4, 2018 8:00:00 AM / by David Musselwhite posted in FAIR

[fa icon="comment"] 0 Comments

“Everyone dislikes novelty, and experts tend to be over-critical of proposals in their own domain.” This is the plainly-stated conclusion of a fascinating blind study wherein expert medical researchers were asked to evaluate new research proposals, some in other medical specialties and some in the areas in which they were experts. “New ideas got worse scores from everyone, but they were particularly punished by experts.” 

Read More [fa icon="long-arrow-right"]

KRIs for Cybersecurity: Canaries in Coal Mines

[fa icon="calendar'] May 1, 2018 8:30:00 AM / by Jack Freund posted in FAIR, Risk Management

[fa icon="comment"] 2 Comments

For a long time, humans have used various organisms to help them detect dangerous environmental conditions. Animals used for this purpose are called ‘Sentinel Species’ by scientists -- the best example is the use of caged canaries to detect dangerous levels of carbon monoxide in coal mines.

Read More [fa icon="long-arrow-right"]

FAIR Pros Wrap Up RSAC18: The Year of Risk Awareness

[fa icon="calendar'] Apr 26, 2018 11:36:22 AM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

Every year, the RSA Conference is a snapshot of the ever-evolving State of the Cybersecurity Profession (and the vendors who market to it), and this year the State is…more risk- and risk-quantification-aware than ever.

Read More [fa icon="long-arrow-right"]

Reserve a Spot: FAIR Institute Breakfast at Gartner Security & Risk Management

[fa icon="calendar'] Apr 23, 2018 2:31:03 PM / by Luke Bader posted in FAIR, Risk Management, Events

[fa icon="comment"] 0 Comments

The FAIR Institute is excited to announce our first breakfast meeting at the Gartner Security and Risk Management Summit on Tuesday, June 5, 2018 from 7:30 to 10 AM at National Harbor, MD. 

Read More [fa icon="long-arrow-right"]

RSAC 2018: FAIR Among the “Silver Linings” After a Bad Year for Cybersecurity

[fa icon="calendar'] Apr 20, 2018 5:10:33 PM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

After the shocking disruptions caused by WannaCry, the massive and immediate financial losses incurred because of NotPetya, and the sad and continued trend of each new year being "The Year of the Breach," the 50,000 cybersecurity practitioners and vendors gathered for the RSA Conference in San Francisco this week were ready for some good, uplifting post-2017 news.

Read More [fa icon="long-arrow-right"]

Finding Your Goldilocks Moment in Cyber Risk Analysis

[fa icon="calendar'] Apr 20, 2018 4:27:34 PM / by Teresa Suarez posted in FAIR

[fa icon="comment"] 0 Comments

In a perfect world, a quantitative cyber risk analysis would always leverage data that is both accurate and precise. Heck, every sort of financial analysis, whether personal or organizational, would leverage data and produce results that are both accurate and precise.

Read More [fa icon="long-arrow-right"]

“From No Data to Drowning in Data – A Reality Check”: Jack Jones Speaks at RSA

[fa icon="calendar'] Apr 19, 2018 9:30:00 AM / by Jeff B. Copeland posted in FAIR, Events

[fa icon="comment"] 0 Comments

“Your organization has data regarding umpteen thousand unpatched vulnerabilities…So what? What decisions need to be made?” FAIR Institute Chairman Jack Jones asked an audience at the RSA Conference this week

Read More [fa icon="long-arrow-right"]

How to Model Controls in a FAIR Risk Analysis

[fa icon="calendar'] Apr 12, 2018 9:00:00 AM / by Rebecca Merritt posted in FAIR

[fa icon="comment"] 2 Comments

As a former auditor, I understand the value a control has for an organization, a process or an application.  But, I’ll be honest I used to think a control was one dimensional. It didn’t really matter what the control protected, if the control wasn’t functioning properly or configured exactly to a ‘T’, it was failing.

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts