State legislatures in Nevada, Ohio, Utah and Connecticut have passed or are in the process of passing “safe harbor” protection against negligence lawsuits for companies hit with a data breach – if the companies implement controls from a recognized cybersecurity framework.
As the popularity of cyber risk quantification (CRQ) grows, so grows the confusion in the marketplace about choosing the right cyber risk quantification solution among many with the CRQ label.
If you’re new to Factor Analysis of Information Risk (FAIR™), understand that it’s first of all a movement
FAIR Institute Chairman Jack Jones recently appeared on the Privacy Please podcast hosted by Cameron Ivey and Gabe Crumbs of Spirion, the data protection company
Jack Jones, Chairman of the FAIR Institute and creator of Factor Analysis of Information Risk (FAIR™), the international standard for cyber risk quantification, sees 2020 as the year that taught many CISOs some hard lessons
Researchers at the Federal Reserve of New York recently issued a study saying that intrabank “wholesale” payments are so concentrated in the top five banks that if any one of them were disrupted by a cyber attack, the result could be a liquidity crisis in the banking system – a kind of cyber run on the banks.
“Thought leadership” is a term that gets used loosely but Jack Jones, creator of Factor Analysis of Information Risk (the FAIR™ model) and Chairman of the FAIR Institute has been out in front of the profession for years patiently pointing out the limitations of conventional, qualitative risk analysis
With FAIR – and risk quantification -- increasingly accepted as the standard for cyber risk analysis, FAIR Institute Chairman Jack Jones talked to what’s next in his keynote address to the recent 2019 FAIR Conference: Setting up successful FAIR-based programs that manage risk cost-effectively.
FAIR Institute Chairman and FAIR model creator Jack Jones started his keynote for the 2019 FAIR Conference at National Harbor, MD, with a question: “What’s the cost of a $5 million risk management program?” all in with salaries, services, technology, etc. Much more than you think, Jack pointed out.