As the FAIR model and risk quantification bring cyber risk management in line with the rest of enterprise risk management, the roles of CISO and CRO also pull closer together. A panel discussion at the recent 2018 FAIR Conference showed a cooperative CISO/CRO relationship in action
At the recent 2018 FAIR Conference, James Lam, the enterprise risk management and corporate governance authority and chairman of the risk committee for the E*TRADE board of directors, gave a master class
Greetings FAIR Instituters! I’m glad to be able to give you a summary of research that many of you participated in a few months ago. Before I do that, though, we need to rewind a bit further back in time.
Jack Jones, FAIR Institute chairman and creator of Factor Analysis of Information Risk, gave a remarkable keynote address to the 2018 FAIR Conference at Carnegie Mellon University in Pittsburgh that was both an unsparing look at the limitations of the risk profession and a prescription for how to break through to The Next Frontier in Risk Management
The last several months have seen a frightening jump in the fines and judgments against companies over cyber breaches. Uber settled on a $148M fine for their handling of their 2016 breach, Yahoo was hit with an SEC fine of $35M for their disclosure of the breach of their email accounts
Dark Reading is just out with 7 Steps to Start Your Risk Assessment, a handy guide to FAIR concepts that draws on the advice of three FAIR experts
While we’re still learning the details of that massive data breach at Facebook – account keys for 50 million users stolen, and potentially wider impact as the same keys were used to log in to third-party accounts – FAIR Institute Chairman Jack Jones says this incident, like others before it, exposes some of the shaky underpinnings of cybersecurity risk management.
“Executives hate surprises” begins a new white paper, Managing Cybersecurity Surprises – the Executive’s Perspective, by FAIR model creator Jack Jones, and goes on to detail the four most likely reasons that organizations get blindsided by cybersecurity failures:
It’s a powerful concept in innovation laid out in the Jobs to Be Done theory: Know what your user hopes to accomplish and provide the solution to that specific need. In planning the 2018 FAIR Conference (October 16-17, Carnegie Mellon University, Pittsburgh), the FAIR Institute built the conference agenda with an eye on the jobs that conference attendees (and their organizations) need to get done.
In 2015, the North Carolina Department of Transportation (NC DOT) completed the I-485 project it began in 1988. This delivered to Charlotte a 67-mile outer belt loop around the city that it had desperately needed. With the completion of the last 5.7 miles of the freeway, the NC DOT also declared that the speed limit would rise from 65 to 70 mph.