Again this year, the FAIR Institute has a major presence at the RSA Conference, April 24-27 in San Francisco, with two seminars led by cyber risk quantification authority Jack Jones
“Thought leadership” is a term that gets loosely applied to any kind of marketing material in the cyber risk/cybersecurity world – and then there’s Jack Jones, who has been indisputably out in front showing the risk and security professions the way up
The Wall Street Journal recently published an article, “Whistleblower Reports of Lax Cybersecurity Expected to Rise,” reacting to the conviction of Joe Sullivan for his handling of two data breaches as CSO at Uber
Cyber risk analysis must scale to meet the rising challenges of cybersecurity, and automation of quantitative analysis will get us there.
Jack Jones, creator of Factor Analysis of Information Risk (FAIR™) and Chairman of the FAIR Institute, delivered a keynote address to the 2022 FAIR Conference emphasizing the fact that cyber risk measurement practices have been profoundly immature
Imagine that you’re looking for an encryption solution. There are many providers on the market, all of whom use one of the well-vetted public encryption standards. But let’s imagine there’s a new player in the market — one that claims to have a vastly improved, but proprietary, solution.
It was bound to happen. For years, Factor Analysis of Information Risk (FAIR™) was, for all intents and purposes, the only Cyber Risk Quantification (CRQ) model out there.
FAIR standard creator Jack Jones spoke this week at the 2022 RSA Conference with the message that the future of risk measurement and management is (drum roll) artificial intelligence and automation. You might have heard the same in vendor booths on the show floor, but not like Jack told it: The industry won’t get there without a major shift left
In the previous post, I provided examples of some controls-related data that can’t be used to support automated cyber risk quantification (CRQ). But the news isn’t all bad. There are some data that can be used to support CRQ.
I covered a lot of ground in the previous posts, and rather than summarize them here I’ll assume you’ve read those posts already. So, let’s dive into the last analytic dimension…