Press Release: FAIR Book Inducted into the 2016 Cybersecurity Canon

Apr 5, 2016 7:00:00 AM / by James Finn


Measuring and Managing Information Risk: A FAIR Approach 
Inducted into the Cybersecurity Canon
at Palo Alto Networks 2016 Ignite Conference

Annual Awards Celebrate Books that Reflect the Modern Cybersecurity Industry 


Las Vegas, Nev., April 5, 2016 – Measuring and Managing Information Risk: A FAIR Approach, co-authored by Dr. Jack Freund and Jack Jones, has been inducted into the 2016 Cybersecurity Canon, which recognizes authors and works of literature that accurately depict the history, milestones, and culture of the modern cybersecurity industry.


(L-R): Rick Howard, CSO, Palo Alto Networks, congratulates Jack Freund and Jack Jones, co-authors of Measuring and Managing Information Risk: A FAIR Approach.

Winning authors and books were honored during the opening reception of Ignite 2016, the Palo Alto Networks annual user conference where thousands of next-generation security professionals learn how a breach prevention-minded approach to cybersecurity is changing the industry.

Widely considered the information risk manager’s bible, Measuring and Managing Information Risk uses the Factor Analysis of Information Risk (FAIR) methodology, developed over ten years by Jack Jones and adopted by corporations worldwide. The book provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity, and is intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one. It offers a unique and fresh perspective on how to do a basic quantitative risk analysis, and covers key areas including risk theory, risk calculation, scenario modeling, and communicating risk within the organization. Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.

Jones is one of the foremost authorities in the field of information risk. In addition to serving as EVP of R&D at RiskLens, Jones is Chairman of the FAIR Institute, an expert, non-profit organization led by information risk officers, CISOs and business executives to develop standard information risk management practices based on the Factor Analysis of Information Risk (FAIR).

Jones holds the CRISC, CISM, CISA, and CISSP certifications and is on the ISACA CRISC Committee and the ISC2 Ethics Committee. He has worked in technology for thirty years and in risk management for 24 years. He has over nine years of experience as a CISO with three different companies, including five years at Nationwide Insurance. His work there was recognized in 2006 when he received the ISSA Excellence in the Field of Security Practices award at that year's RSA conference. In 2007, he was selected as a finalist for the Information Security Executive of the Year, Central United States, and in 2012 was honored with the CSO Compass award for leadership in risk management.



  • “Jack Freund and I are grateful to the organizers of the Canon Project for this coveted honor. This special citation affirms the need for a comprehensive understanding and practical execution of risk management strategies using the FAIR framework. Information risk professionals today are expected to articulate cyber risk in terms that the business and the board can understand, dollars and cents, and to enable cost-effective decision-making.” - Jack Jones, co-author, Measuring & Managing Information Risk; EVP of R&D, RiskLens; Chairman, FAIR Institute
  • “The Cybersecurity Canon is a highly curated list of ‘must-read’ books in which the content is timeless, genuinely represents an aspect of our community that is true and precise, and, if not read, represents a cybersecurity professional’s missed opportunity to broaden their perspective. We heartily congratulate and welcome Jack Freund and Jack Jones to the Canon.” - Rick Howard, CSO, Palo Alto Networks, and chairman of the Cybersecurity Canon committee


About The Cybersecurity Canon

Launched in 2014 by Palo Alto Networks Chief Security Officer Rick Howard, the Cybersecurity Canon aims to promote the continued education of cybersecurity professionals by providing a curated list of both fiction and non-fiction works that advance the discussion of modern industry issues. A Cybersecurity Canon advisory board of tenured researchers, industry professionals and journalists who have devoted their careers to the field of cybersecurity meets during the year to vote on new inclusions and future honorees. Nominees for the Canon awards are selected by the committee. Practitioners are also invited to vote for nominees as part of the selection process. 

For more about the Cybersecurity Canon:

About the FAIR Institute

The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives, created to develop and share standard information risk management practices based on FAIR. Factor Analysis of Information Risk (FAIR) is the only international standard value-at-risk model for information security and operational risk. FAIR helps organizations quantify and manage risk from the business perspective and enables cost-effective decision-making. To learn more and get involved visit


Media-analyst contact:

Jim Engineer
e-Rainmaker PR for the FAIR Institute
Mobile: +1 630.728.1387


Topics: FAIR, Risk Management
