2018 Upcoming Events 

FAIR University Curriculum Virtual Panel Webinar

Feb. 23, 2018 | GoToMeeting Webinar

Interested in building a state-of-the-art information risk management course at your university?

Join us for the FAIR University Curriculum Virtual Panel Webinar on Friday, February 23rd, at 1 PM EST. Three FAIR Institute member professors will be on an expert panel to talk about teaching FAIR, cybersecurity, and risk management to university students.

This interactive event allows you to hear first-hand how to use the FAIR University Curriculum at your university and will provide tips and best practices for building a successful Information Risk Management course. Before the event, download the FAIR University Syllabus to help build a course for your students.


Ponemon Institute RIM Renaissance

March 9, 2018 | Tucson, AZ 

What is RIM Renaissance? RIM Renaissance brings together smart individuals in privacy and security passionate about the work they do and the challenges they face. The program features case discussions, Socratic questioning and problem-solving debates. RIM Renaissance is an opportunity to thank our Fellows, RIM Council companies and research partners for their support and encouragement of Ponemon Institute. Jack Jones will be speaking during a Fireside Chat session with Ponemon Institute Chairman and Founder, Larry Ponemon.


FAIR Institute Breakfast Meeting

Apr. 18, 2018 7:30 - 10:00 AM | Morrison & Foerster LLP | San Francisco, CA 

Join FAIR author and Institute Chairman Jack Jones and a distinguished panel of cyber risk executives as they unveil "The Blueprint: Successfully Building Your FAIR Risk Management Program."

Join leading cybersecurity, operational risk, and business executives who are in town for the RSA Conference 2018 to get practical advice from industry leaders who are elevating their risk management programs.


2018 FAIR Conference and Training (FAIRCON18)

October 16 & 17, 2018 | Carnegie Mellon University | Pittsburgh, PA 

Hosted by the FAIR Institute and Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy, the 2018 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals.

Join us to meet and learn from other strategic-minded industry leaders and discover emerging best practices and models for managing information risk.


Past Events


Where Do We Go From Here? 2017 Risk Management Maturity Benchmark Survey Results Webinar

Dec. 5, 2017 | GoToMeeting Webinar

Join us as the FAIR Institute and RSA host a webinar to discuss in detail the results and findings of the 2017 Risk Management Maturity Benchmark Study.

The webinar will include in-depth analysis of survey insights by leading risk management experts. Engage in conversation with Jack Jones, Chairman of the FAIR Institute, as we work together to answer questions and help clarify the information to best help your organization.


InfoSecurity Connect East: Where Financial Cybersecurity Experts Connect

Nov. 1-3, 2017 | Eden Roc Miami Beach Resort | Miami, FL

Summary: InfoSecurity Connect East is an interactive, invite-only forum for senior cybersecurity executives from some of the top US banks, credit unions, insurance and financial services organizations to come together to share and interact with their peers, learn about new solutions and services, and gain valuable insights on how to improve their cybersecurity programs and policies.


Risky Business: Strengthening Your Cyber Risk Management And Culture To Build Trust

Presented by: Jack Jones, Author and Chairman, The FAIR Institute

As cybercrime continues to rise, it needs to be a key feature on the corporate risk management agenda. But gaining and maintaining the trust of senior executives, the Board, regulators, and customers is challenging. Checking boxes in a compliance framework won’t do it, nor will the lame risk measurement practices that are commonplace today. In order to build and maintain trust, we need to fundamentally change our approach to risk management.

  • How to look at cyber risk in business terms.
  • Foundational requirements for a trustworthy cyber risk management program.


The 2017 FAIR Conference (FAIRCON17)

Oct 16 & 17, 2017 | The Hilton Anatole | Dallas, TX

Don’t miss your chance to listen to thought-provoking presentations from industry leaders, witness engaging panel discussions and network with other FAIR Institute members, on Oct. 16 & 17. This year, we'll be extending our conference to include the optional add-on of valuable on-site FAIR training courses Oct. 17-19.

More event details, speaker lineup & registration link to come. Read more about this Save the Date here.


ISACA September Chapter Meeting: Modern Cyber and Technology Risk Management

Sept 14, 2017 | Wellshire Inn | Denver, CO

Summary: Common cyber and technology risk measurement practices today are broken. The result is that organizations struggle to prioritize the risks they face, or understand the value proposition of the risk management initiatives they invest in. In this session, Jack will share the root causes that limit our effectiveness at measuring risk, and provide a workshop on Factor Analysis of Information Risk (FAIR).

Learning Objectives:

    - gain an understanding of what FAIR is,
    - have an opportunity to apply it to analyze one (or more) risks.

Be forewarned though, some of what will be discussed will challenge conventional wisdom.

Who should attend
IT Leaders (CIOs/CTOs/CSOs/CISOs), IT practitioners (Directors and Managers), IT Audit and Security professionals, Internal and External Auditors.


Risk Management Summit

Apr 6, 2017 | Omni Orlando Resort at ChampionsGate | ChampionsGate, FL

Jack will be presenting two sessions at the conference:

9:00 AM – 9:30 AM
Session 1 – Revisiting the Groundwork, Jack Jones
Within the information security and risk professions there are significant differences in how people define and approach risk.  This creates significant challenges to us as professionals for everything from risk measurement, alignment with the business, and communicating with executives. Consequently, in order for the Risk Summit to be productive, it is critical that everyone in the room is on the same page on these fundamentals.

In this first section, we’ll review some basic risk concepts and terminology, which will lay the foundation for everything that follows.

4:15 PM – 5:00 PM
Making the Case to Risk Management, Jack Jones
The primary reason for measuring risk is to help executives make well-informed business decisions. 
That being the case, this final session of the day will focus on the challenges with, and practical approaches for, communicating risk analysis results to management. These tips can make the difference between glazed eyes and genuine interest by the executives whose decisions drive the risk condition of an organization. 

Register here.


Integro Client Appreciation Conference

March 29, 2017 | The Fairmont Princess Resort | Scottsdale, AZ

Jack Jones will participate on a panel discussing the valuation of assets as a main barrier in insuring information risk.


FAIR Institute Breakfast Meeting

Feb 15, 2017 | Morrison & Foerster LLP | San Francisco, CA

Reserve your spot for the FAIR Institute breakfast meeting during which Jack Jones will present on "The characteristics of a risk-aligned leader".

Scheduled Date: 02/15/2017 - 8:00 AM - 10:00 AM

Abstract: In his presentation, Jack Jones will describe some of the common fallacies regarding being risk aligned with the business, and provide an alternative perspective. He'll also describe what it means to be a risk-aligned leader, what it takes to get there, and how to overcome some of the inevitable obstacles.


RSA Conference 2017

Feb 15, 2017 | Moscone Center | San Francisco, CA 

Jack Jones will be presenting a session on 'Tomorrow's Cyber-Risk Analyst' (PROF-W11)

Scheduled Date: 02/15/2017 - 2:45 PM - 3:30 PM

Abstract: As our industry evolves to better align with the needs of senior executives and boards of directors, the skills and characteristics of professionals need to evolve as well.  In this session, Jack will describe what the next generation of cyber risk analysts needs to look like, where and how they can acquire these capabilities, and what the job opportunities will look like.


First Meeting of the Cyber Risk Workgroup

December 12, 2016 | Private

12:00 PM - 1:00 PM

Please join the FAIR Institute today to get involved.


Fifth Meeting of the FAIR Insurance Workgroup

December 8, 2016 | Private

1:00 PM - 2:00 PM

Please join the FAIR Institute today to get involved.


MIS|TI Risk Management Summit 2016

December 8, 2016 | Marriott New Orleans, 614 Canal Street, New Orleans, LA

9:00 AM - 10:00 AM

The combination of inherently limited risk management resources and an increasingly complex and dynamic risk landscape means that effective prioritization is crucial. Without it, organizations are unable to identify and resolve their most important issues, and will invariably waste resources and delay resolving important issues.

In this session, Jack Jones will highlight some of the key weaknesses in common (and even “best”) practices, as well as share insights and simple steps organizations can take to evolve their risk management programs. Be forewarned that this will be a “take no prisoners” session, because in order to evolve we have to be honest about what doesn’t work, and why.

Register here


Jack Jones to speak to ISACA Toronto Chapter

November 15, 2016 | Ivey Tangerine Leadership Centre, 130 King Street West, Toronto ON, M5X1A9

1:00 PM - 4:30 PM


Jack Jones presents an Educational Course on FAIR to ISACA New York Metropolitan Chapter

November 3, 2016 | BNY Mellon, 101 Barclay Street, 10th Floor, New York, NY

9:00 AM - 5:00 PM

Course will cover risk prioritization in information security and risk management and how to use Factor Analysis of Information Risk (FAIR) as an approach for effective prioritization and analysis of a risk scenario.

Register here


The Annual FAIR Conference

October 14, 2016 | Wake Forest University Charlotte Center, 200 North College Street, Charlotte, NC

7:30 AM - 5:00 PM

Hosted by the FAIR Institute, the FAIR Conference brings the foremost leaders in information risk management together to explore best FAIR practices that produce greater value and align IT with business goals. Large enterprises and government organizations are creating breakthroughs in the management of information and operational risk that enable business-aligned communication, cost effective decision-making and ultimately managing what matters.

Audience members will leave the conference with:

  • New knowledge around the FAIR model.
  • An expanded network of FAIR experts and practitioners.

Register now.


(ISC)² Security Congress

September 12, 2016 | Orlando, FL

Jack Jones will be presenting a case study on 'Quantifying Cloud Risk'

3:15 PM – 4:15 PM  

Audience members will leave the session with the following:

    • The power of communicating information security risk in business terms.
    • Weaknesses associated with common 3rd party risk assessment methods.
    • A pragmatic approach to quantifying information security risk.


Cornerstones of Trust

June 14, 2016 | Crowne Plaza, Foster City, CA

Jack Jones will be delivering the keynote address titled 'Just Secure What?'  

1:30 PM - 2:15 PM

  • Jack will demonstrate the challenges faced by the information security profession.
  • Share practical methods for overcoming them by leveraging the FAIR open standard.  


Infosec World 2016

April 7, 2016 | Disney Contemporary Resort, Lake Buena Vista, FL

Jack Jones will be presenting a session on 'Setting the Stage: What is Risk Anyway? Ending the Confusion'

8:15 AM – 9:00 AM  

  • Attendees will gain clarification about risk, hear examples of what’s making it so confusing, and learn what can happen if the confusion is not alleviated.
  • Learn a clear, meaningful, and practical set of definitions and concepts that can fundamentally change the risk dialog in your organization.
  • Learn how to consistently normalize risk terminology and concepts within your organization.
  • Gain an improved ability to “drill into” and evaluate someone else’s statements about risk.


RSA Conference 2016

Feb 29-Mar 4, 2016 | Moscone Center San Francisco 

Jack Jones will be presenting a session on 'How infosec maturity models are missing the point' (STR-W04)

Scheduled Date: 03/02/2016 - 10:20 AM - 11:10 AM

Abstract: Infosec maturity models abound, and although they provide some value, they completely ignore fundamental elements that ultimately determine whether an infosec program is mature -- or not. In this session Jack will share what those missing elements are, why they are so critical, how to gauge maturity in those dimensions, and the steps you can take to help make your organization more mature. 

Follow-on Discussion: 03/02/2016 - 4:30 PM - 5:20 PM

Abstract: Continue the How Infosec Maturity Models Are Missing the Point conversation in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented. This session is limited to 50 attendees.


Jack Jones will be participating in a panel discussion on 'Habits of an Effective CISO.' (GRC-R02)

Scheduled Date: 03/03/2016 - 8:00 AM - 8:50 AM

Short Abstract: With less time and more responsibilities, how does an effective CISO manage? Three leading CISOs will share their strategies for success.


Ben Rothke, Senior eGRC Consultant, The Nettitude Group


Phil Agcaoili, Chief Information Security Officer, Elavon
Roland Cloutier, VP & CISO, ADP, Inc.
Jack Jones, EVP Research & Development, RiskLens


Jack Jones will be participating in a panel discussion on 'Aligning and Prioritizing Risk Efforts Across the Enterprise' (GRC-F03)

Scheduled date: 03/04/2016 at 11:20 AM - 12:10 PM

Short Abstract: The responsibility for managing risk rests within many parts of the organization (e.g., audit, security, compliance, etc.). Unfortunately, very often these efforts are redundant or contradictory. In this session, learn how these groups can work together to minimize confusion and “religious” debates in order to better evaluate risk and prioritize in a consistent, efficient, and aligned manner.


Jack Jones, EVP Research & Development, RiskLens


Maria Shaw, VP, IT Risk Management, McKesson
Tess Martillano, MD, IRM Enterprise Services & CIRO, Latin America & the Caribbean, BNY Mellon
Evan Wheeler, Executive Director, Operational Risk Management, DTCC


The Open Group Conference - Enabling Boundaryless Information Flow

Jan 25, 2016 | San Francisco

Isaiah McGowan will present a session on 'Steps to Success - Lessons Learned on Successfully Adopting OpenFAIR'

Abstract: In the two years since its establishment as an international standard, OpenFAIR has been adopted by many organizations, from the smallest to the largest, as their risk analysis method of choice. These programs span the spectrum of qualitative and quantitative approaches.

This session will explore key attributes of a successful OpenFAIR implementation, pitfalls to avoid when adopting OpenFAIR, and examples of how OpenFAIR can help mature virtually any risk program.