It's official: NIST has formally published FAIR as an Informative Reference to the NIST CSF, the most widely used cybersecurity framework in the U.S, a major milestone in the history of FAIR. This means that there is mapping between FAIR and the NIST CSF standard in the sections covering risk analysis and risk management.
Don’t think of cybersecurity standards and frameworks as checklists – think of them as recipes with plenty of room for “season to taste.” That was the message coming out of a panel discussion at the 2019 FAIR Conference on the topic “Building a Cybersecurity Program with a Risk Management Framework & FAIR,”
John A. Wheeler, Gartner’s influential global research leader for risk management technology solutions and services, is just out with a new blog post introducing the concept of “techquilibrium”, defined as “the balance point where the enterprise has the right mix of traditional and digital capabilities
Watch the Video from FAIRCON19: Perfecting a CISO Board Presentation with James Lam and Chris Inglis
It was one of the most closely listened-to panel discussions of the recent 2019 FAIR Conference: “Pen-Testing Your Board Pitch,” starring two veteran board members, James Lam (E*TRADE) and Chris Inglis (FedEx) [photo, right], presenting attendees with a rare opportunity to hear directly from the source
CISO Omar Khawaja built a highly rated security program for Highmark Health, the major manager of health plans and hospitals – but something was missing, he told Health IT Security in a recently published interview.
Originally published in April, 2019, this summary matrix has now been updated to include the integration of FAIR into the NIST Cybersecurity Framework. NIST has now listed FAIR as an Informative Reference for risk management and risk assessment in the framework. Learn more in this blog post: NIST Maps FAIR to the CSF: Big Step Forward in Acceptance of Cyber Risk Quantification.
In a new survey for Microsoft and insurance broker Marsh, only 17% of the senior executives surveyed said they spent more than a few days cumulatively over the past year on cyber risk. More than half, 51%, spent several hours or less. Yet 80% of organizations ranked cyber risk as a top-five concern.
In an important article for ISSA Journal, Jack Freund, PhD, co-author of the FAIR book, Measuring and Managing Information Risk, introduces the concept of a Cyber Risk Intelligence Framework that combines four standard frameworks, including FAIR
Whether you’ve just been introduced to FAIR, recently completed RiskLens’ FAIR training, or learned about FAIR through self-study, pursuing the Open FAIR Certification is a worthwhile goal. As more large companies and regulatory bodies accept FAIR as a leading methodology for quantitatively analyzing risk, the Open FAIR Certification is becoming increasingly valuable.
FAIR book co-author Jack Freund, PhD, recently spoke with the risk management team at a large retailer with a firm belief that “organizational apocalypse will occur if the website goes down.” A FAIR analyst on staff ran the numbers on the potential impact of a site outage – and found no apocalypse, just a manageable problem.
