FAIR Institute Blog

Harvard Survey Finds FAIR Top Cyber Risk Quantification Choice

Nov 25, 2020 2:22:32 PM / by Jeff B. Copeland posted in Risk Management

Recent surveys of business executives and board members by Harvard Business Review Analytics and PwC give evidence that the movement to cyber risk quantification and FAIR™ is growing, if from a small base:

12 Bits of Advice from FAIR Veterans to New FAIR Evangelists

Nov 5, 2020 11:09:57 AM / by Jeff B. Copeland posted in FAIR, Risk Management

You’re all fired up about Factor Analysis of Information Risk (FAIR™) and eager to bring the transformative power of cyber risk quantification to your organization—but for now, you’re a voice crying in the wilderness of red-yellow-green heat maps

We Agree with Phil Venables that “Cybersecurity Budget Benchmarks Are a Waste of Time” – Better to Focus on Outcomes

Oct 20, 2020 10:31:00 AM / by Jeff B. Copeland posted in Risk Management

Influential security blogger, three-time CISO and current Goldman Sachs Bank board member Phil Venables is out with a new blog post, Why Cybersecurity Budget Benchmarks Are a Waste of Time – a theme that FAIR™ model creator Jack Jones has campaigned on for years:

Sponsored Webinar: RiskLens Introduces Rapid Risk Assessment Capability

Aug 30, 2020 8:02:00 PM / by Luke Bader posted in Risk Management

The FAIR Institute’s technical partner, RiskLens, joined us for a sponsored webinar to introduce Rapid Risk Assessment, a new capability on the RiskLens platform that brings high speed and high volume to FAIR™ analysis. 

How FAIR Helped Me Rethink 3 IT Audit Questions

Aug 26, 2020 10:03:56 AM / by Kevin Gust posted in Risk Management

In my career as an IT auditor, there were a few questions I struggled to answer when communicating with clients and peers.

Using FAIR to Understand Change in Resilience Risk – Guide and Webinar from Protiviti

Aug 6, 2020 7:41:00 AM / by Jeff B. Copeland posted in Risk Management

It’s a question increasingly asked by boards in these uncertain times: How resilient is our organization? FAIR Institute partner Protiviti is advancing a creative way to answer that question quantitatively using FAIR™.  

How to Set Goals for a Cyber Risk Management Program and Integrate with ERM – Tips from the DOE

Aug 4, 2020 7:58:00 AM / by Jeff B. Copeland posted in Risk Management, Government

In a recent National Institute of Standards and Technology webinar on integrating cybersecurity and ERM, Energy Dept. CISO Emery Csulak shared the goals his agency set for its transition to a cyber risk management program based on FAIR™ -- high-level principles that could apply equally to government or corporate information security.

NISTIR 8286 Second Draft: Strong Focus on Risk Quantification for Aligning Cyber and Enterprise Risk Management

Jul 30, 2020 7:42:00 AM / by Jack Freund posted in Risk Management, Government

NIST has released a second draft of its groundbreaking NISTIR 8286 standard that provides a roadmap for organizations looking to better align cyber risk management with enterprise risk management functions.

NASA’s Risk Management Handbook Shares the Spirit of FAIR™ and Quantitative Risk Analysis

Jun 4, 2020 7:30:00 AM / by Jeff B. Copeland posted in FAIR, Risk Management

With the first flight of an American spacecraft carrying NASA astronauts launched from US soil since 2011, a FAIR Institute Member sent us a note pointing out that the NASA Risk Management Handbook shares a lot of the spirit of FAIR™.  

Five Questions the Board Should Ask the CISO

May 21, 2020 7:34:00 AM / by Michael Radigan posted in Risk Management

Board directors and senior executives are obligated to govern their organizations’ cyber risk management efforts. To this end, they are being educated by such organizations as the NACD or the Big 4 on foundational concepts of information security and cyber risk management.
