FAIR Institute Blog

Creating a Cyber Risk Intelligence Framework with FAIR – Jack Freund in ISSA Journal

Sep 17, 2019 8:45:00 AM / by Jeff B. Copeland posted in Risk Management


In an important article for ISSA Journal, Jack Freund, PhD, co-author of the FAIR book, Measuring and Managing Information Risk, introduces the concept of a Cyber Risk Intelligence Framework that combines four standard frameworks, including FAIR.


NIST Maps FAIR to the CSF - Big Step Forward in Acceptance of Cyber Risk Quantification

Sep 13, 2019 9:01:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management


Today marks a milestone in FAIR history as NIST has formally published FAIR as an Informative Reference to the NIST CSF, the most widely used cybersecurity framework in the U.S. This means that there is a mapping between FAIR and the NIST CSF standard in the sections covering risk analysis and risk management.


Three Reasons You Should Get FAIR Certified

Sep 6, 2019 11:00:00 AM / by David Musselwhite posted in FAIR, Risk Management


Whether you’ve just been introduced to FAIR, recently completed RiskLens’ FAIR training, or learned about FAIR through self-study, pursuing the Open FAIR Certification is a worthwhile goal. As more large companies and regulatory bodies accept FAIR as a leading methodology for quantitatively analyzing risk, the Open FAIR Certification is becoming increasingly valuable. 


Jack Freund in ISACA Blog: Stop Telling Yourself Risk Management Stories

Sep 6, 2019 8:45:00 AM / by Jeff B. Copeland posted in Risk Management


FAIR book co-author Jack Freund, PhD, recently spoke with the risk management team at a large retailer with a firm belief that “organizational apocalypse will occur if the website goes down.” A FAIR analyst on staff ran the numbers on the potential impact of a site outage – and found no apocalypse, just a manageable problem.


Managing a Cyber Risk Program in an Ever-Evolving Threat Landscape

Sep 5, 2019 1:22:18 PM / by Tim Wynkoop posted in Risk Management


With the skills and resources of attackers constantly improving, is cyber risk management a hopeless endeavor? Working with CISOs and risk management teams as a FAIR consultant, this is a question I get asked from time to time and, in short, the answer is no, if you follow these three best practices:


FedScoop: “Increasingly, Federal Agencies Are Joining Industry” in Cyber Risk Quantification

Aug 19, 2019 12:32:49 PM / by Jeff B. Copeland posted in Risk Management


In an article just out on FedScoop, Why government is slow to endorse frameworks for quantifying cybersecurity risk, Dave Nyczepir reports that, while qualitative, red-yellow-green approaches to risk still dominate, the move to FAIR-based, quantification-driven risk management is well underway among federal agencies.


Jack Jones: Quit Blaming Executives for Cybersecurity Problems

Aug 19, 2019 8:45:00 AM / by Jack Jones posted in Risk Management, Jack Jones


Once again, after a run of high-profile breaches, I’ve begun to hear cries that “leadership didn’t sufficiently support” an organization’s cybersecurity program. I’m sorry, but I just don’t buy it.

GAO Grades Federal Agencies ‘Fail’ on Cyber Risk, Accelerating Movement to FAIR

Jul 30, 2019 4:50:39 PM / by Jeff B. Copeland posted in Risk Management


It’s a devastating report from the Government Accountability Office that should accelerate the movement to cyber risk quantification (CRQ) and the FAIR model, already underway at the Department of Energy.


Targeting Cybersecurity Investment - a FAIR Approach

Jul 24, 2019 8:30:00 AM / by Denny Wan posted in Risk Management


Targeting can be applied to the following tasks in the investment decision process based on the potential financial loss against an asset:

  1. Prioritizing the risk assessment scope
  2. Prioritizing the recommendations on remediation actions

‘Healthcare Innovation’ Profiles Highmark FAIR Program: ‘Cybersecurity and Business Align’

Jul 23, 2019 3:17:08 PM / by Jeff B. Copeland posted in FAIR, Risk Management, FAIR Conference 2019


Just published on Healthcare Innovation, Where Cybersecurity and Business Align: One CISO’s High-Level Perspective, profiles CISO Omar Khawaja’s success at introducing FAIR to Highmark Health, a leading healthcare delivery and insurance organization.
