Mar. 3 & 4, 2019 | 8:00 AM - 5:00 PM | 414 Mason St., 8th Floor, Suite 800, San Francisco, CA, 94102
FAIR Analysis Fundamentals training from FAIR Institute Technical Advisor, RiskLens, provides the conceptual foundation and practical experience necessary to competently perform FAIR analyses. This training course is led by experienced practitioners and will improve participants' abilities to identify, measure, and communicate risk.
Sign up today for the FAIR Analysis Fundamentals Course before the 2019 RSA Conference kicks off. At the conclusion training, you will walk away as an analyst able to:
Mar. 6, 2019 | 8:00 AM - 11:00 AM | Courtyard by Marriott San Francisco Downtown, 299 2nd Street, Rincon Hill Room, San Francisco, CA, 94105
Last year, Jack Jones presented a road-map for successfully adopting FAIR within an organization and enable more effective decision-making. Since then, many organizations have applied that expertise and channeled it into many concrete examples of FAIR Adoption.
Join other cyber risk executives for a high-impact breakfast meeting on Wednesday, March 6 at 8 AM, during the RSA Conference 2019 in San Francisco to learn from other industry leaders about their experiences on:
Jan. 13 & 15, 2019 | Jacob K. Javits Convention Center, New York City, NY
The world’s largest retail conference and expo isn’t just a conference, it’s a community. Filled with a global audience and exhibitor base that could only come from NRF. It’s a marketplace for ideas and relationships. A chance to forge new partnerships, try out best-in-class experiences, and learn from some of the biggest players transforming retail today. An event guaranteed to drive impact. Because after all, what’s the point of a show if you have nothing to show for it?
Join FAIR Institute Chairman, Jack Jones, as he presents on the Security Council Panel on January 15.
Nov. 15, 2018 | 8:30 AM - 11:00 AM | Morrison & Foerster | 2000 Pennsylvania Avenue, NW, Suite 6000, Washington, DC 20006
The Inaugural FAIR Institute Federal Government Chapter Breakfast Meeting will be held on Thursday, November 15, on the topic of "Assessing Cyber Risk in Federal Government." Come listen to and learn from the author of FAIR, Jack Jones, representatives from OMB, and cyber risk officers from federal agencies that have started on this journey.
This chapter of the FAIR Institute, a non-profit, expert learning organization, was born out of the desire of several federal government agencies and the White House/OMB to learn more about the standard FAIR risk model and how it can help them to come up with a common risk taxonomy, a shared cyber risk quantification methodology, and better ways to assess the effectiveness of risk mitigations and the adequacy of cybersecurity budgets to meet Executive Order 13800.
Nov. 13, 2018 | 11:30 PM - 2:30 PM | The City Club of San Francisco | 155 Sansome Street, 10th Floor, San Francisco, CA 94104
Directors are constantly faced with the need to find the best ways to discuss and quantify cybersecurity risk. They need to more clearly understand the financial exposure that cyberbreach incidents represent to their business, and be able to discuss technical issues based on what they mean to the company’s bottom line. Boards should strive to be able to hold discussions with their management teams about cybersecurity and cyber risks where cyber risk is no longer evaluated in technical terms or in "red-yellow-green" heat maps, but in the economic language of business.
Join NACD and RiskLens for this roundtable event with Nick Sanna, RiskLens CEO, and Jack Jones, RiskLens co-founder and creator of the FAIR standard, on November 13 in San Francisco. We’ll discuss strategies and methods that will help you to quantify your organization’s cybersecurity risks and identify the questions you should ask of your management teams in order to better discuss these risks in business terms.
October 25-26, 2018 | Lansdowne Resort and Spa| Leesburg, VA
The purpose of the GRF Summit on Third-Party Risk is to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and organizations’ risk management teams, and provide a platform for security leaders to share expertise and learn from each other to improve holistic security.
Jack Jones, Chairman of the FAIR Institute, will be presenting during his session, "How to Economically Justify Your Risk Management Needs" on Friday, October 26, from 3-3:30 PM.
October 19, 2018 | Monroeville Convention Center | Pittsburgh, PA
Pittsburgh region information technology and security organizations are working together to increase awareness, collaboration and knowledge among the local information security community. Local security groups and partners hosting the symposium include InfraGard Pittsburgh, ISSA, and OWASP. AITP, ISACA, ISC2, RMU’s Top Secret Colonials, and Steel City InfoSec are also providing local support for this event.
Join Jack Jones at the TRISS Conference to hear him speak on "Managing Cybersecurity Surprises" and how FAIR and risk quantification work to mitigate those surprises.
October 16 & 17, 2018 | Carnegie Mellon University | Pittsburgh, PA
Hosted by the FAIR Institute and Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy, the 2018 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals.
Join us to meet and learn from other strategic-minded industry leaders and discover emerging best practices and models for managing information risk.
IANS 2018 Charlotte Information Security Forum delivers an immersive curriculum with over 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the two-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders.
FAIR Institute Chairman Jack Jones will be presenting the Opening Keynote at 9 AM on Wednesday, September 26, titled "Modern Cyber and Technology Risk Management."
Sept. 10-13, 2018 | 9:00 AM - 5:00 PM | Hilton Baltimore | 401 W. Pratt Street, Baltimore, MD 21201
Sign up today for a new four day FAIR training course "Measuring and Managing Cyber Risk Using FAIR." In addition to the foundational knowledge required to apply the FAIR model, the course features in-depth treatment of the Risk Management Process and the role FAIR plays in each of its five phases: Risk Identification, Risk Analysis, Risk Evaluation, Risk Treatment, and Risk Monitoring.
After completing this course, you will have the skills and resources necessary to measure the risk associated with scenarios of all types. This will prepare you to fundamentally change the way risk management is conducted in your organization and make huge contributions to the protection of your company's value.
Join us at the RSA Archer Summit 2018. This conference will provide invaluable face-to-face opportunities to discover best practices, hear about the latest product innovations, network with other customers, and meet one-on-one with RSA Archer experts and executives. RSA Archer Summit 2018 is your chance to let us know what product advances you’d like to see in future releases, connect with other leaders in your industry and gain firsthand knowledge that you can’t get at your desk.
Join us at a special session Quantifying Cyber Risk with RSA Archer. Jack Jones, Chairman of the FAIR Institute and author of FAIR, will be speaking on the importance of quantifying cyber risk.
Join a distinguished panel of cyber risk executives and fellow FAIR members, as they discuss "The Blueprint: Successfully Building Your FAIR Risk Management Program."
May 2-3, 2018 | 7:30 AM - 5:00 PM CST | City Place Conference Center, 2711 N. Haskell Ave., Dallas, TX 75204
IANS 2018 Dallas Information Security Forum delivers an immersive curriculum with over 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the two-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders.
Attend the conference to hear Jack Jones, Chairman of the FAIR Institute, present the opening keynote, "Modern Cyber Technology Risk Management" on Wednesday, May 2 at 9 AM.
Apr. 24, 2018 | 8:30 AM - 5:00 PM | NRECA Conference Center, 4301 Wilson Blvd., Arlington, VA 22203
Carnegie Mellon University’s CERT Cybersecurity Division is hosting a day-long symposium focused on proactively developing and implementing a cybersecurity risk and resilience strategy. A team of experts, from both the public and private sectors, will explore cybersecurity scenarios and provide guidance that you can apply immediately within any organization. Jack Jones will be speaking on a panel titled "Enterprise & Cyber-Risk Management - New Capabilities and Expert Panel."
Registration to this event is free, but space is limited to the first 200 registrants. A continental breakfast and lunch will be provided.
Apr. 19, 2018 | 8:00 - 9:30 AM | RSA Booth N3601 - Moscone North Expo Hall
Join RSA Archer on Thursday April 19th for breakfast and a demo of our new RSA Archer Cyber Risk Quantification® use case. Jack Jones will be present and will speak at 8:25 AM about Best Practices for FAIR Risk Management.
Apr. 18, 2018 | 3:00 - 3:30 PM | Moscone West 2018, RSA Conference | San Francisco, CA
Identity and access management (IAM) has been a longtime domain for information security. How much energy should we be investing in these programs? How much risk is there for managing identities? Join Jack Jones and other FAIR Institute Members at this session to hear their approaches and understanding of the issues involved.
Join FAIR author and Institute Chairman, Jack Jones and a distinguished panel of cyber risk executives, as they unveil "The Blueprint: Successfully Building Your FAIR Risk Management Program."
Leading cybersecurity, operational risk, and business executives who are in town for the RSA Conference 2018 to get practical advice from industry leaders who are elevating their risk management programs.
Apr. 17, 2018 | 3:30 - 4:15 PM | Moscone South Esplanade 157, RSA Conference | San Francisco, CA
For years the information security community has argued that it is hamstrung by a lack of data. Now we’re hearing organizations complain that they don’t know what to do with all of the telemetry they get from their security technologies. In this session Jack Jones will share insights regarding data-related opportunities and challenges, what the future holds, and how we can leverage data effectively.
March 9, 2018 | Tucson, AZ
What is RIM Renaissance? RIM Renaissance brings together smart individuals in privacy and security passionate about the work they do and the challenges they face. The program features case discussions, Socratic questioning and problem-solving debates. RIM Renaissance is an opportunity to thank our Fellows, RIM Council companies and research partners for their support and encouragement of Ponemon Institute. Jack Jones will be speaking during Fireside Chat session with Ponemon Institute Chairman and Founder, Larry Ponemon.
Feb. 23, 2018 | GoToMeeting Webinar
Interested in building a state-of-the-art information risk management course at your university?
Join us for the FAIR University Curriculum Virtual Panel Webinar on Friday, February 23rd, at 1 PM EST. Three FAIR Institute member professors will be on an expert panel to talk about teaching FAIR, cybersecurity, and risk management to university students.
This interactive event allows you to hear first-hand how to use the FAIR University Curriculum at your university and will provide tips and best practices to building a successful Information Risk Management course. Before the event, download the FAIR University Syllabus to help build a course for your students. You can watch the full recording here.
Dec. 5, 2017 | GoToMeeting Webinar
Join us as the FAIR Institute and RSA host a webinar to discuss in detail the results and findings of the 2017 Risk Management Maturity Benchmark Study.
The webinar will include in-depth analysis of survey insights by leading risk management experts. Engage in conversation with Jack Jones, Chairman of the FAIR Institute we work together to answer questions to help clarify the information to best help your organization.
Nov. 1-3, 2017 | Eden Roc Miami Beach Resort | Miami, FL
Summary: InfoSecurity Connect East is an interactive, invite-only forum for senior cybersecurity executives from some of the top US banks, credit unions, insurance and financial services organizations to come together to share and interact with their peers, learn about new solutions and services, and gain valuable insights on how to improve their cybersecurity programs and policies.
Risky Business: Strengthening Your Cyber Risk Management And Culture To Build Trust
Presented by: Jack Jones, Author and Chairman, The FAIR Institute
As cybercrime continues to rise, it needs to be a key feature on the corporate risk management agenda. But gaining and maintaining the trust of senior executives, the Board, regulators, and customers is challenging. Checking boxes in a compliance framework won’t do it, nor will the lame risk measurement practices that are commonplace today. In order to build and maintain trust, we need to fundamentally change our approach to risk management.
Oct 16 & 17, 2017 | The Hilton Anatole | Dallas, TX
Don’t miss your chance to listen to thought-provoking presentations from industry leaders, witness engaging panel discussions and network with other FAIR Institute members, on Oct. 16 & 17. This year, we'll be extending our conference to include the optional add-on of valuable on-site FAIR training courses Oct. 17-19.
More event details, speaker lineup & registration link to come. Read more about this Save the Date here.
Sept 14, 2017 | Wellshire Inn | Denver, CO
Summary: Common cyber and technology risk measurement practices today are broken. The result is that organizations struggle to prioritize their risks they face, or understand the value proposition of the risk management initiatives they invest in. In this session, Jack will share the root causes that limit our effectiveness at measuring risk, and provide a workshop on Factor Analysis of Information Risk (FAIR).
Be forewarned though, some of what will be discussed will challenge conventional wisdom.
Who should attend
IT Leaders (CIOs/CTOs/CSOs/CISOs), IT practitioners (Directors and Managers), IT Audit and Security professionals, Internal and External Auditors.
Jack will be presenting two sessions at the conference:
9:00 AM – 9:30 AM
Session 1 – Revisiting the Groundwork, Jack Jones
Within the information security and risk
In this first section, we’ll review some basic risk concepts and terminology, which will lay the foundation for everything that follows.
4:15 PM – 5:00 PM
Making the Case to Risk Management, Jack Jones
The primary reason for measuring risk is to help executives make well-informed business decisions.
That being the case, this final session of the day will focus on the challenges with, and practical approaches for, communicating risk analysis results to management. These tips can make the difference between glazed eyes and genuine interest by the executives whose decisions drive the risk condition of an organization.
Jack Jones will participate on a panel discussing the valuation of assets as
Reserve your spot for the FAIR Institute breakfast meeting during which Jack Jones will present on "The characteristics of a risk-aligned leader".
Scheduled Date: 02/15/2017 - 8:00 AM - 10:00 AM
Abstract: In his presentation, Jack Jones will describe some of the common fallacies regarding being risk aligned with the business, and provide an alternative perspective. He'll also describe what it means to be a risk-aligned leader, what it takes to get there, and how to overcome some of the inevitable obstacles.
Jack Jones will be presenting a session on 'Tomorrow's Cyber-Risk Analyst' (PROF-W11)
Scheduled Date: 02/15/2017 - 2:45 PM - 3:30 PM
Abstract: As our industry evolves to better align with the needs of senior executives and boards of directors, the skills and characteristics of professionals need to evolve as well. In this session, Jack will describe what the next generation of cyber risk
12:00 PM - 1:00 PM
Please join the FAIR Institute today to get involved.
1:00 PM - 2:00 PM
Please join the FAIR Institute today to get involved.
9:00 AM - 10:00 AM
The combination of inherently limited risk management resources and an increasingly complex and dynamic risk landscape means that effective prioritization is crucial. Without it, organizations are unable to identify and resolve their most important issues, and will invariably waste resources and delay resolving important issues.
In this session, Jack Jones will highlight some of the key weaknesses in common (and even “best”) practices, as well as share insights and simple steps
1:00 PM - 4:30 PM
9:00 AM - 5:00 PM
7:30 AM - 5:00 PM
Hosted by the FAIR Institute, the FAIR Conference brings the foremost leaders in information risk management together to explore best FAIR practices that produce greater value and align IT with business goals. Hosted by FAIR Institute, the FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals. Large enterprises and government organizations are creating breakthroughs in the management of information and operational risk that enable business-aligned communication,
Audience members will leave the conference with:
Jack Jones will be presenting a case study on 'Quantifying Cloud Risk'
3:15 PM – 4:15 PM
Audience members will leave the session with the following:
Jack Jones will be delivering the keynote address titled 'Just Secure What?'
1:30 PM - 2:15 PM
Jack Jones will be presenting a session on 'Setting the Stage: What is Risk Anyway? Ending the Confusion'
8:15 AM – 9:00 AM
Feb 29-Mar 4, 2016 | Moscone Center San Francisco
Jack Jones will be presenting a session on 'How infosec maturity models are missing the point' (STR-W04)
Scheduled Date: 03/02/2016 - 10:20 AM - 11:10 AM
Abstract: Infosec maturity models abound, and although they provide some value, they completely ignore fundamental elements that ultimately determine whether an infosec program is mature -- or not. In this
Follow-on Discussion: 03/02/2016 - 4:30 PM- 5:20 PM
Abstract: Continue the How Infosec Maturity Models Are Missing the Point conversation in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented. This session is limited to 50 attendees.
Jack Jones will be participating in a panel discussion on 'Habits of an Effective CISO.' (GRC-R02)
Scheduled Date: 03/03/2016 - 8:00 AM- 8:50 AM
Short Abstract: With less time and more responsibilities, how does an effective CISO manage? Three leading CISO will share their strategies for success.
Ben Rothke, Senior eGRC Consultant, The
Phil Agcaoili, Chief Information Security Officer, Elavon
Roland Cloutier, VP & CISO, ADP, Inc.
Jack Jones, EVP Research & Development, RiskLens
Jack Jones will be participating in a panel discussion on 'Aligning and Prioritizing Risk Efforts Across the Enterprise' (GRC-F03)
Scheduled date: 03/04/2016 at 11:20 AM- 12:10 PM
Short Abstract: The responsibility for managing risk rests within many parts of the organization(e.g., audit, security, compliance, etc.). Unfortunately, very often these efforts are redundant or contradictory. In this session, learn how these groups can work together to minimize confusion and “religious” debates in order to better evaluate risk and prioritize in a consistent, efficient, and aligned manner.
Jack Jones, EVP Research & Development, RiskLens
Maria Shaw, VP, IT Risk Management, McKesson
Tess Martillano, MD, IRM Enterprise Services & CIRO, Latin America & the Caribbean, BNY Mellon
Evan Wheeler, Executive Director, Operational Risk Management, DTCC
Isaiah McGowan will present a session on 'Steps to Success - Lessons Learned on Successfully Adopting OpenFAIR'
Abstract: In the two years since
This session will explore key attributes of a successful OpenFAIR implementation, pitfalls to avoid when adopting OpenFAIR, and examples of how OpenFAIR can help mature virtually any risk program.