In an article just out on FedScoop, Why government is slow to endorse frameworks for quantifying cybersecurity risk, Dave Nyczepir reports that, while qualitative, red-yellow-green approaches risk still dominate, the move to FAIR-based, quantification-driven risk management is well underway among federal agencies – actually, despite the FedScoop headline, at high speed by the cautious standards of the federal bureaucracy. The article quotes FAIR Institute Chairman Jack Jones and President Nick Sanna extensively.
