As a former auditor, I understand the value a control has for an organization, a process or an application. But, I’ll be honest I used to think a control was one dimensional. It didn’t really matter what the control protected, if the control wasn’t functioning properly or configured exactly to a ‘T’, it was failing.
In September, 2017, the FAIR Institute launched the FAIR University Curriculum with the goal of helping to fill a void in the industry by assisting academia in building information risk management programs and developing the next generation of cyber risk executives.
The FAIR Institute is excited to have our Chairman, Jack Jones, represent the Institute at multiple events and sessions at the 2018 RSA Conference in San Francisco later this month. If you’re in town attending the conference, stop by the events below to hear Jack speak on the importance of quantitative analysis--and to say hello.
The Securities and Exchange Commission’s new guidance on cybersecurity risk disclosure landed with a thud in board rooms, C-suites and infosecurity shops, particularly for its requirements on reporting ongoing cyber risks
The MIT Technology Review recently published an article about what they called “cyber threats.” While the article identifies trending attack methods and scenarios to be concerned about, none of the things that made the list are actually threats.
Join Jack Jones, creator of the FAIR model for risk analysis, for a webinar on Tuesday, April 3, at 2 PM ET on “New SEC Cyber Risk Disclosure Guidance: The FAIR Advantage”.
Reporting results from a risk analysis can seem like a daunting and cumbersome task. Even after a lot of work, key stakeholders may walk away without a good understanding of what the results truly mean.
The FAIR Institute recently hosted a Virtual Panel Webinar on our FAIR University Curriculum. The webinar was held for interested professors and deans from academic institutions that are building information risk management courses, based on FAIR.
The term “Black Swan event” has been part of the risk management lexicon since its coinage in 2007 by Nassim Taleb in his eponymous book titled The Black Swan: The Impact of the Highly Improbable.
Tips and insight from Jack Jones and Jack Freund, authors of the FAIR book...
The Securities and Exchange Commission’s new guidance on cyber risk disclosure has shaken up infosec teams, C-suiters and board members at public companies over the past two weeks.