In a new commentary on the Dark Reading website, What We Talk About When We Talk About Risk, FAIR Institute Chairman and cyber risk quantification pioneer Jack Jones takes the cybersecurity profession to task for the many confused – and confusing – ways it uses the term risk.
The Securities and Exchange Commission’s new guidance on cybersecurity risk disclosure landed with a thud in boardrooms, C-suites and infosecurity shops, particularly for its requirements on reporting ongoing cyber risks.
Join Jack Jones, creator of the FAIR model for risk analysis, for a webinar on Tuesday, April 3, at 2 PM ET on “New SEC Cyber Risk Disclosure Guidance: The FAIR Advantage”.
The Wall Street Journal recently referenced a research report published by Ponemon Institute entitled The True Cost of Compliance With Data Protection Regulations. After reading the report I’ve come to the conclusion that although the research objective was admirable, it completely missed the target.
When I was recently asked to write a blog post making cyber and technology risk predictions for 2018, I balked. If you’ve read (and you should read) Superforecasting: The Art and Science of Prediction (Dan Gardner and Philip Tetlock), you’ll understand why.
On his recent FAIR Institute Cyber Risk Workgroup Call (membership required), FAIR model creator Jack Jones fielded this question: If you had to judge an organization in terms of how well it manages risk using just one metric, what one metric would you use?
Jack Jones…creator of the FAIR model (that’s Factor Analysis of Information Risk)…author of the FAIR book Measuring and Managing Information Risk: A FAIR Approach…chairman of the FAIR Institute…and the leading evangelist for effective risk measurement based on critical thinking. For a quick education on Jack’s thinking and the FAIR approach to risk, check out this reading list of Jack’s 10 most popular writings on the FAIR Institute blog.