FAIR Institute Blog

How Cyber Risk Management Is Like Buying a Bike for Your Daughter – Understanding the FAIR Controls Analytics Model (FAIR-CAM)

[fa icon="calendar'] Jan 12, 2022 2:04:27 PM / by Jack Jones posted in Jack Jones, FAIR-CAM

[fa icon="comment"] 0 Comments

In writing the FAIR-CAM™ white paper, I took a short detour from the complex landscape of cybersecurity to explain the new FAIR Controls Analytics Model™ with an analogy that almost anyone can relate to.

Read More [fa icon="long-arrow-right"]

Jack Jones on Log4j: Take these Steps to Prepare for the Next Zero-Day Exploit

[fa icon="calendar'] Dec 22, 2021 8:40:24 AM / by Jack Jones posted in Jack Jones, Guides & Tips

[fa icon="comment"] 0 Comments

The Apache Log4j security vulnerability uncovered recently is every cybersecurity defender’s nightmare - a zero-day exploited in a practically ubiquitous software library. Because zero-day exploits aren’t going away anytime soon, it’s important for organizations to increase their resilience to this type of change in the risk landscape.  

Read More [fa icon="long-arrow-right"]

Jack Jones: The Quality of Qualitative Risk Measurement (Continued)

[fa icon="calendar'] Nov 30, 2021 11:24:48 AM / by Jack Jones posted in Jack Jones, Jack Jones on Qualitative vs Quantitative

[fa icon="comment"] 5 Comments

In my last blog post on qualitative risk measurement, I discussed three key aspects that often make the difference between good measurements and bad measurements — scope, model, and data.  I also pointed out that these apply to both qualitative and quantitative risk measurement. 

Read More [fa icon="long-arrow-right"]

Jack Jones: The Quality of Qualitative Risk Measurements

[fa icon="calendar'] Nov 22, 2021 8:00:00 AM / by Jack Jones posted in Jack Jones, Jack Jones on Qualitative vs Quantitative

[fa icon="comment"] 0 Comments

What makes for a high-quality qualitative risk measurement?  The answer is simple.  We just have to go back to the scope, model, and data elements

Read More [fa icon="long-arrow-right"]

At FAIRCON21, Jack Jones Introduces the FAIR Controls Analytics Model (FAIR-CAM™), the Standard for Measuring the Effectiveness of Cybersecurity Controls

[fa icon="calendar'] Oct 20, 2021 1:30:00 PM / by Jeff B. Copeland posted in Jack Jones, FAIR Conference 2021, FAIR-CAM

[fa icon="comment"] 1 Comment

Jack Jones, creator of Factor Analysis of Information Risk (FAIR™), the standard for quantitative analysis of cyber risk, introduced a new model, the FAIR Controls Analytics Model (FAIR-CAM™), for quantitative measurement of controls efficacy for risk reduction.

Read More [fa icon="long-arrow-right"]

Jack Jones Previews the FAIR Controls Analytics Model (FAIR-CAM) at the 2021 RSA Conference

[fa icon="calendar'] May 24, 2021 11:56:19 AM / by Jeff B. Copeland posted in Jack Jones, FAIR-CAM

[fa icon="comment"] 2 Comments

Jack Jones, creator of Factor Analysis of Information Risk (FAIR™), the international standard for quantification of cyber risk, gave an RSAC21 audience a preview of his breakthrough FAIR Controls Analytics Model (FAIR-CAM) that will, for the first time, enable security teams to reliably evaluate how controls affect risk in quantitative terms.

Read More [fa icon="long-arrow-right"]

Jack Jones on the Cybersecurity Executive Order: Bold Changes, but Missed Opportunity for Measuring Risk?

[fa icon="calendar'] May 20, 2021 9:36:51 AM / by Jack Jones posted in Jack Jones, Government

[fa icon="comment"] 2 Comments

I’m thrilled with many of the provisions in the President’s recent Executive Order on Improving the Nation’s Cybersecurity. The tiered software security ratings system, the IoT consumer labeling, the cybersecurity review board, and the emphasis on sharing information on breaches and other cyber incidents, are all bold initiatives

Read More [fa icon="long-arrow-right"]

Jack Jones: State ‘Safe Harbor’ Laws Should Promote Effective Cyber Risk Management, Not Just Compliance with Frameworks

[fa icon="calendar'] Apr 7, 2021 12:43:04 PM / by Jack Jones posted in Jack Jones

[fa icon="comment"] 2 Comments

State legislatures in Nevada, Ohio, Utah and Connecticut have passed or are in the process of passing “safe harbor” protection against negligence lawsuits for companies hit with a data breach – if the companies implement controls from a recognized cybersecurity framework.

Read More [fa icon="long-arrow-right"]

Watch Out for these 5 ‘Cyber Risk Quantification’ Methods. They Don’t Support Cost-Effective Risk Management

[fa icon="calendar'] Mar 16, 2021 11:31:09 AM / by Jeff B. Copeland posted in Jack Jones

[fa icon="comment"] 0 Comments

As the popularity of cyber risk quantification (CRQ) grows, so grows the confusion in the marketplace about choosing the right cyber risk quantification solution among many with the CRQ label.  

Read More [fa icon="long-arrow-right"]

3 Foundational Videos from Jack Jones on What Is Risk, How FAIR Started, and How to Make a FAIR Quantitative Risk Management Program Work

[fa icon="calendar'] Mar 3, 2021 8:12:00 AM / by Jeff B. Copeland posted in Jack Jones

[fa icon="comment"] 0 Comments

If you’re new to Factor Analysis of Information Risk (FAIR™), understand that it’s first of all a movement

Read More [fa icon="long-arrow-right"]
LEARN MORE

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts