FAIR Institute Blog

3 Ways to Game the System with Qualitative Cyber Risk Analysis (Don’t Do It)

Mar 25, 2019 8:30:00 AM / by Cary Wise, posted in Risk Management

As an advocate for FAIR, I spend a great amount of time preaching the benefits of quantitative risk analysis over the qualitative approach. Ranking of risks 1-5 or red-yellow-green based on subjective judgments doesn’t measure up (literally) to a standard model like FAIR that produces consistent results expressed as probabilities.  

Infosecurity Magazine on Jack Jones’ Approach to Risk Appetite: “Draw a Line in the Sand”

Mar 7, 2019 12:44:27 PM / by Jeff B. Copeland, posted in FAIR, Risk Management

A busy week at the RSA Conference for the FAIR Institute. Tuesday at the SC Awards ceremony, the FAIR Institute received the extraordinary honor of being named one of the Most Important Industry Organizations of the Last 30 Years.

Jack Jones: How Much Risk Does that Risk Represent?

Feb 21, 2019 8:00:00 AM / by Jack Jones, posted in FAIR, Risk Management

Yesterday, while speaking to a university cybersecurity class, I was accused of being pedantic when I pointed out a problem with the phrase “The risk of that impact…”

Prepare for Disruption: ERM Expert James Lam’s Advice to Board Directors

Feb 14, 2019 9:28:15 AM / by Jeff B. Copeland, posted in Risk Management

In a cover story for the National Association of Corporate Directors Directorship Magazine, James Lam – independent director on the RiskLens board, leader of the risk committee for the E*TRADE board, and FAIRCON18 keynoter – writes that board directors generally believe that business-disrupting (and even business-killing) risks are much more important now than five years ago

At RSAC 2019, Hear Jack Jones and More Leaders in the Cyber Risk Quantification Movement

Feb 12, 2019 10:00:39 AM / by Jeff B. Copeland, posted in Risk Management, Events, Jack Jones

This year’s RSA Conference, Monday-Friday, March 4-8, in San Francisco is a great opportunity to hear some of the world’s best thinkers and doers in and around the FAIR movement and advanced techniques in risk management in general.  

Security Exception vs. Risk Acceptance: What's the Difference?

Feb 6, 2019 2:00:00 PM / by Jack Jones, posted in FAIR, Risk Management

FAIR model creator Jack Jones recently answered a FAIR Institute member's question about terminology that's one of those easily confused yet critical distinctions in cyber risk management: What's the difference between a security exception (or policy exception) and risk acceptance?

Help Us Build a Better FAIR Institute Blog for You. Take This Short Survey

Jan 23, 2019 8:30:00 AM / by Luke Bader, posted in FAIR, Risk Management

What would you like to see in the FAIR Institute blog that would most advance your knowledge, skills and awareness of FAIR and the fast-growing movement for critical thinking and quantification in risk analysis?

Analyzing Privacy Risk Using FAIR

Jan 14, 2019 10:15:21 AM / by R. Jason Cronk, posted in FAIR, Risk Management

When I saw Jack Jones present on FAIR at an IANS Research Forum several years ago, it was like a light bulb went off in my head. I immediately ordered the FAIR book and began a cover-to-cover reading, twice. I had been unsatisfied with existing methods to assess privacy risks and I was excited to apply my new-found knowledge of FAIR to privacy.

How a CISO Uses FAIR with NIST CSF to Manage Cyber Risk Across Business Units

Jan 3, 2019 9:21:32 AM / by Jeff B. Copeland, posted in FAIR, Risk Management

In an article for Forbes Technology Council, Two Frameworks For Securing A Decentralized Enterprise, Ian Amit, Chief Security Officer at Cimpress (parent company of Vistaprint), tells how he combines the NIST CSF and the FAIR model to handle a challenging situation

SEC Cyber Risk Disclosure Guidance, KRIs for Cybersecurity, Risk Trends for Boards – Most Popular FAIR Institute Blog Posts of 2018

Dec 27, 2018 8:30:00 AM / by Jeff B. Copeland, posted in FAIR, Risk Management

The Securities and Exchange Commission, the European Union and the International Monetary Fund all pointed cyber risk managers toward cyber risk quantification in 2018
