Combining NIST CSF and FAIR to Drive Better Cyber Risk Decisions - RiskLens Sponsored Webinar

Title: Combining NIST CSF and FAIR to Drive Better Cyber Risk Decisions


Date and Time: Tuesday, January 14 at 11 AM EST


  • Jack Freund, PhD, Director of Risk Science, RiskLens & Co-Author, Measuring and Managing Information Risk: A FAIR Approach
  • Ian Amit, CSO, Cimpress

About: If you are a private sector organization driving your security program forward with the NIST-CSF framework, or a U.S. Government Agency working to adhere to the NIST Framework for Improving Critical Infrastructure Cybersecurity, you're on the right track to better outcomes.

But you need to understand that while these frameworks seek to help "drive standards, guidelines and best practices to manage cybersecurity-related risk," they do not actually help you truly understand those risks in business terms.

A few months ago, NIST formally published FAIR as an Informative Reference to the NIST CSF, the most widely used cybersecurity framework in the U.S. and effectively the same framework U.S. Government Agencies are mandated to follow. 

This is a major milestone in the history of FAIR. It means that there is a mapping between FAIR and the NIST CSF standard in the sections covering risk analysis and risk management. See FAIR officially listed in the Informative Reference Catalog on the NIST CSF website.

By marrying these NIST frameworks with FAIR, you get the best of both worlds. FAIR is the magic sauce that leading thinkers at Fortune 1,000 organizations and government agencies are using in tandem with NIST to drive better, smarter investments.

Hear from Jack Freund on how the NIST CSF and FAIR mapping works. Hear from Ian Amit on how he has applied NIST CSF and FAIR in his security practice.

We'll leave a few minutes at the close of the presentation for open Q&A.


Speaker Bios:

Jack Freund, PhD, Director of Risk Science, RiskLens & Co-Author, Measuring and Managing Information Risk: A FAIR Approach

Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at using risk quantification to implement, mature, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. The book Jack co-authored on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal, Homeland Security Today, and the @ISACA newsletter.


Ian Amit, CSO, Cimpress

Ian Amit is the Chief Security Officer at Cimpress, a publicly traded global technology company with presence in over 45 countries. He has been a security practitioner and a hacker for over 20 years, with his career spanning executive leadership positions with companies such as Amazon, ZeroFox, IOActive, Aladdin, and more. He is one of the founders of the Penetration Testing Execution Standard, a co-founder of the Tel Aviv DEFCON group, serves on the board of directors of BSides Las Vegas, and serves on several advisory boards of security companies.