FAIR Institute Blog

NIST Maps FAIR to the CSF - Big Step Forward in Acceptance of Cyber Risk Quantification

Nov 19, 2019 2:36:00 PM / by Jeff B. Copeland posted in FAIR, Risk Management

It's official: NIST has formally published FAIR as an Informative Reference to the NIST CSF, the most widely used cybersecurity framework in the U.S., a major milestone in the history of FAIR. This means that there is a mapping between FAIR and the NIST CSF standard in the sections covering risk analysis and risk management.

FAIRCON19 Video: Tips on Building a Cybersecurity Program with a Risk Management Framework & FAIR

Nov 14, 2019 10:43:57 AM / by Jeff B. Copeland posted in Risk Management, FAIR Conference 2019

Don’t think of cybersecurity standards and frameworks as checklists – think of them as recipes with plenty of room for “season to taste.” That was the message coming out of a panel discussion at the 2019 FAIR Conference on the topic “Building a Cybersecurity Program with a Risk Management Framework & FAIR,”

Gartner’s John Wheeler: Many Organizations Using IRM and FAIR to Achieve ‘Techquilibrium’

Oct 22, 2019 12:15:00 PM / by Jeff B. Copeland posted in Risk Management

John A. Wheeler, Gartner’s influential global research leader for risk management technology solutions and services, is just out with a new blog post introducing the concept of “techquilibrium”, defined as “the balance point where the enterprise has the right mix of traditional and digital capabilities

Watch the Video from FAIRCON19: Perfecting a CISO Board Presentation with James Lam and Chris Inglis

Oct 22, 2019 9:24:03 AM / by Luke Bader posted in Risk Management, FAIR Conference 2019

It was one of the most closely listened-to panel discussions of the recent 2019 FAIR Conference: “Pen-Testing Your Board Pitch,” starring two veteran board members, James Lam (E*TRADE) and Chris Inglis (FedEx), presenting attendees with a rare opportunity to hear directly from the source

Health IT Security Interviews Highmark Health’s Omar Khawaja on How FAIR Drives Security Processes

Oct 15, 2019 11:29:30 AM / by Jeff B. Copeland posted in Risk Management

CISO Omar Khawaja built a highly rated security program for Highmark Health, the major manager of health plans and hospitals – but something was missing, he told Health IT Security in a recently published interview.

All-in-One Matrix: Regulatory Compliance Risk Assessment Overview - Updated with NIST CSF + FAIR

Sep 19, 2019 10:45:00 AM / by Steve Reznik posted in FAIR, Risk Management, White Paper

Originally published in April, 2019, this summary matrix has now been updated to include the integration of FAIR into the NIST Cybersecurity Framework. NIST has now listed FAIR as an Informative Reference for risk management and risk assessment in the framework. Learn more in this blog post: NIST Maps FAIR to the CSF: Big Step Forward in Acceptance of Cyber Risk Quantification.

No Time to Talk Cyber Risk, Senior Executives Say

Sep 19, 2019 8:14:00 AM / by Jeff B. Copeland posted in Risk Management

In a new survey for Microsoft and insurance broker Marsh, only 17% of the senior executives surveyed said they spent more than a few days cumulatively over the past year on cyber risk. More than half, 51%, spent several hours or less. Yet 80% of organizations ranked cyber risk as a top-five concern.

Creating a Cyber Risk Intelligence Framework with FAIR – Jack Freund in ISSA Journal

Sep 17, 2019 8:45:00 AM / by Jeff B. Copeland posted in Risk Management

In an important article for ISSA Journal, Jack Freund, PhD, co-author of the FAIR book, Measuring and Managing Information Risk, introduces the concept of a Cyber Risk Intelligence Framework that combines four standard frameworks, including FAIR

Three Reasons You Should Get FAIR Certified

Sep 6, 2019 11:00:00 AM / by David Musselwhite posted in FAIR, Risk Management

Whether you’ve just been introduced to FAIR, recently completed RiskLens’ FAIR training, or learned about FAIR through self-study, pursuing the Open FAIR Certification is a worthwhile goal. As more large companies and regulatory bodies accept FAIR as a leading methodology for quantitatively analyzing risk, the Open FAIR Certification is becoming increasingly valuable. 

Jack Freund in ISACA Blog: Stop Telling Yourself Risk Management Stories

Sep 6, 2019 8:45:00 AM / by Jeff B. Copeland posted in Risk Management

FAIR book co-author Jack Freund, PhD, recently spoke with the risk management team at a large retailer with a firm belief that “organizational apocalypse will occur if the website goes down.” A FAIR analyst on staff ran the numbers on the potential impact of a site outage – and found no apocalypse, just a manageable problem.
