With the first flight of an American spacecraft carrying NASA astronauts launched from US soil since 2011, a FAIR Institute Member sent us a note pointing out that the NASA Risk Management Handbook shares a lot of the spirit of FAIR™.
Board directors and senior executives are obligated to govern their organizations’ cyber risk management efforts. To this end, they are being educated by such organizations as the NACD or the Big 4 on foundational concepts of information security and cyber risk management.
“All models are wrong, but some are useful.” By those words, professor and statistician George Box reminds us that models, including the FAIR™ Model, are approximations of reality.
>>DHS/OMB mean well in pushing for a risk-based approach to cybersecurity in the Federal Government, but their requirements fall short of helping agencies effectively prioritize and right-size their cybersecurity investments
If you’re looking to make a case for budget or other executive support for a cybersecurity program, FAIR™ model creator Jack Jones shows you the way in this webinar
RiskLens--the technical advisor of the FAIR Institute and the company with the only SaaS platform for quantitative cyber risk management based on the FAIR model--is offering new solutions to help security and risk professionals meet the extraordinary challenges of these pandemic times.
Watch this webinar for a fresh look at analyzing and acting on cyber risk, as FAIR Institute Chairman and FAIR model creator Jack Jones, applies “situational awareness” from the world of the military to the cyber world.
NIST has released a draft document to help organizations align their cyber risk management operations with an enterprise risk management function.
Many organizations look to NIST to help them construct their cyber security programs. Security frameworks, such as NIST CSF, are very popular for helping to ensure you’ve identified a complete list of necessary controls
The Cyentia Institute recently published the Information Risk Insights Study (IRIS), which utilized data gathered via Advisen on tens of thousands of known cyber events over the past decade to draw conclusions about the frequency and magnitude of such events.