Recent surveys of business executives and board members by Harvard Business Review Analytics and PwC give evidence that the movement to cyber risk quantification and FAIR™ is growing, if from a small base:
You’re all fired up about Factor Analysis of Information Risk (FAIR™) and eager to bring the transformative power of cyber risk quantification to your organization—but for now, you’re a voice crying in the wilderness of red-yellow-green heat maps
Influential security blogger, three-time CISO and current Goldman Sachs Bank board member Phil Venables is out with a new blog post, Why Cybersecurity Budget Benchmarks Are a Waste of Time – a theme that FAIR™ model creator Jack Jones has campaigned on for years:
The FAIR Institute’s technical partner, RiskLens, joined us for a sponsored webinar to introduce Rapid Risk Assessment, a new capability on the RiskLens platform that brings high speed and high volume to FAIR™ analysis.
In my career as an IT auditor, there were a few questions I struggled to answer when communicating with clients and peers.
It’s a question increasingly asked by boards in these uncertain times: How resilient is our organization? FAIR Institute partner Protiviti is advancing a creative way to answer that question quantitatively using FAIR™.
In a recent National Institute of Standards and Technology webinar on integrating cybersecurity and ERM, Energy Dept. CISO Emery Csulak shared the goals his agency set for its transition to a cyber risk management program based on FAIR™ -- high-level principles that could apply equally to government or corporate information security.
NIST has released a second draft of its groundbreaking NISTIR 8286 standard that provides a roadmap for organizations looking to better align cyber risk management with enterprise risk management functions.
With the first flight of an American spacecraft carrying NASA astronauts launched from US soil since 2011, a FAIR Institute Member sent us a note pointing out that the NASA Risk Management Handbook shares a lot of the spirit of FAIR™.
Board directors and senior executives are obligated to govern their organizations’ cyber risk management efforts. To this end, they are being educated by such organizations as the NACD or the Big 4 on foundational concepts of information security and cyber risk management.