FAIR Institute Leadership

Welcome from the
Chairman Emeritus

As organizations increasingly rely on digital processes to run their businesses, the need to cost-effectively manage the associated risks has become critical. As a result, risk management and business executives have been looking for ways to improve their knowledge, their decision-making and their reporting practices related to cybersecurity and operational risk.

We have created the FAIR Institute to provide a forum where you can meet with peers of leading organizations to learn about digital risk scenarios affecting your industry; to research, develop and collect risk management best practices; and to learn how to better communicate with your executive team, your board and other key stakeholders about cyber and operational risk.

Widely considered a thought leader in risk management and information security, Jack has been employed in information security and risk management for over thirty five years. During this time he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award, and the 2012 CSO Compass Award for Leadership in Risk Management.Jack is the originator of the now industry standard risk measurement model known as Factor Analysis of Information Risk (FAIR) as well as the FAIR Controls Analytics Model (FAIR-CAM). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach", which has been inducted into the Cybersecurity Canon as a "must read" for professionals in the industry. Jack served on the ISACA task force that developed the RiskIT framework, and he led the ISACA group that developed the CRISC certification.Today, Jack helps organizations understand and more effectively manage their cyber and operational risk landscapes. and is a sought after speaker at national conferences and universities. He is also an adjunct instructor of risk measurement for Carnegie Mellon University. Jack is also Chairman Emeritus of The FAIR Institute (http://www.fairinstitute.org/), an award-winning non-profit organization led by information risk officers, CISOs and business executives to advance risk management practices based on FAIR.

Board of Directors

The FAIR Institute Board of Directors and Board of Advisors are made up of a group of leaders whose mission is to help in the development of standard practices based on the FAIR™ quantitative risk analysis model, and to share it with the community.