Jack Jones led the discussion at this month’s meeting of the FAIR Institute’s Data Utilization Work Group, including fielding this question from a FAIR Institute member about data breaches. Jack is the Institute’s Chairman and the co-author of Measuring and Managing Information Risk: A FAIR Approach.
During the March meeting of the Operational Risk Workgroup, the members took on a project to recast a list of top operational risks using the FAIR risk model. Every year, you’ll find numerous lists of supposed “top risks” from analysts, surveys, professional organizations, etc. with something in common: They don’t actually provide true risks.
“Likelihood” is one of those words, like “risk” itself, that appears repeatedly in the risk management literature but casts as much shadow as light on the subject. In this article, we’ll see that likelihood is a probability, and why it is sometimes best expressed as an expected frequency of occurrence.
In this short 5 min video, FAIR author Jack Jones gives an overview of the FAIR model for risk measurement and management, the training opportunities for FAIR and the professional organization, the FAIR Institute.
Listen carefully around the halls of the Moscone Center and you could hear a shift in the buzz at this year’s RSA Conference, compared to years past.
“When will you be home?”
I have finally learned how to respond to text messages like this – and more pointedly how not to.
If you weren't able to make it to San Francisco for both the FAIR Institute Breakfast Meeting and RSA Conference 2017, here is your chance to hear Jack Jones' presentation on the characteristics of a risk-aligned leader.
Just one year old, the FAIR Institute has hit 1,000 members, including cyber and operational risk executives from some of the biggest names in corporate America and the public sector.
Last time on "A Year in the Life of OpenFAIR," we covered the establishment of an internal risk triage tool that my firm developed.
Hear John Carlin, chair of the global risk and crisis management practice at Morrison & Foerster and formerly in charge of the cyber security division at the US Department of Justice, speak about a transformative experience that cyber risk quantification brought about in two government organizations.