Jack Jones, FAIR Institute chairman and creator of Factor Analysis of Information Risk, gave a remarkable keynote address to the 2018 FAIR Conference at Carnegie Mellon University in Pittsburgh that was both an unsparing look at the limitations of the risk profession and a prescription for how to break through to The Next Frontier in Risk Management.
Jack Jones, FAIR Institute Chairman and creator of the FAIR model, gave a wide-ranging keynote speech for the 2018 FAIR Conference on “The Next Frontier in Risk Management” that was both a candid look at the challenges faced by the risk profession and a call to action to move up to true risk management maturity.
Dark Reading is just out with 7 Steps to Start Your Risk Assessment, a handy guide to FAIR concepts that draws on the advice of three FAIR experts.
While we’re still learning the details of that massive data breach at Facebook – account keys for 50 million users stolen, and potentially wider impact as the same keys were used to log in to third-party accounts – FAIR Institute Chairman Jack Jones says this incident, like others before it, exposes some of the shaky underpinnings of cybersecurity risk management.
In a new commentary on the Dark Reading website, What We Talk About When We Talk About Risk, FAIR Institute Chairman and cyber risk quantification pioneer Jack Jones takes the cybersecurity profession to task for the many confused – and confusing – ways it uses the term risk.
The Securities and Exchange Commission’s new guidance on cybersecurity risk disclosure landed with a thud in board rooms, C-suites and infosecurity shops, particularly for its requirements on reporting ongoing cyber risks.
Join Jack Jones, creator of the FAIR model for risk analysis, for a webinar on Tuesday, April 3, at 2 PM ET on “New SEC Cyber Risk Disclosure Guidance: The FAIR Advantage”.
The Wall Street Journal recently referenced a research report published by Ponemon Institute entitled The True Cost of Compliance With Data Protection Regulations. After reading the report I’ve come to the conclusion that although the research objective was admirable, it completely missed the target.
When I was recently asked to write a blog post making cyber and technology risk predictions for 2018, I balked. If you’ve read (and you should read) Superforecasting: The Art and Science of Prediction (Dan Gardner and Philip Tetlock), you’ll understand why.
On his recent FAIR Institute Cyber Risk Workgroup Call (membership required), FAIR model creator Jack Jones fielded this question: If you had to judge an organization in terms of how well it manages risk using just one metric, what one metric would you use?