At RSAC23 this week, FAIR Institute Chairman Jack Jones challenged an audience of 400 in two seminars to move beyond today’s common cyber risk measurement practices that don’t reliably measure risk and re-focus on some basic techniques advanced in Factor Analysis of Information Risk (FAIR™).
Learn More →Jack Jones, Chairman, FAIR Institute; Author, FAIR™ Model
Learn More →From Jack Jones, Chairman of the FAIR Institute and creator of the FAIR model for cyber risk quantification (CRQ) — the definitive guide to understanding CRQ: What it is (and isn't), its value proposition and limitations, and facts regarding the misperceptions that are commonplace.
Learn More →A quick overview of the FAIR Institute to get you started.
Learn More →Click below to download the white paper "An Introduction to the FAIR Controls Analytics Model (FAIR-CAM™)"
Learn More →Slides and recording available below
Learn More →Often, when getting started with CRQ, organizations tend to focus on how to quantify individual scenarios. While this is an important step, it soon becomes clear that measuring risk for decision support purposes requires a suite of scenarios working in combination to suit a variety of purposes. This “scenario suite” should be treated as one entity composed of individual scenarios that are collectively comparable, fit for purpose, re-useable, and sustainable. At this webinar, we will introduce the concept of developing a “Measurement Plan” to support this concept and we will touch on several techniques that can be used to assure your Cyber Risk Quantification work meets both current and future needs.
Learn More →H.E. Eng. Bassam Maharmeh, President, National Cyber Security Center of Jordan
Learn More →Osama Salah, Head of IT Information Security Transformation Program, Abu Dhabi Department of Finance
Learn More →Nick Sanna, President, FAIR Institute, CEO, RiskLens, Board Member, ISA
Learn More →Mohamed Adbulrahim, Managing Director, Octopian Security, Co-Chair FAIR Chapter Jordan
Learn More →Iman Khalid Al Marzouqi, Group Support Services Director, Alpha Dhabi Holding
Learn More →Jack Jones, 3x CISO, Award-winning Author of the FAIR Model, Chairman, FAIR Institute, Chief Risk Scientist, RiskLens
Learn More →Ahmed Al-Qawasmi, Chief Internal Audit Officer, MEPS Majdi Armouti, CEO, Digital Haze Ismael Al-Hinti, Pres., Al Hussein Technical University Iyad Khorma, CEO, Aqaba Digital Hub
Learn More →Marta Palanques, Director of Risk Methodologies in Technology Risk Management at Capital One
Learn More →Tyler Britton, Quantitative Cyber Risk Manager at DropBox
Learn More →Moderator: Larry Clinton, President, Internet Security Alliance (ISA) Mark Montgomery, Executive Director, CyberSolarium.org Frank Cilluffo, Commissioner, CSC
Learn More →David Hirsch, Chief of the Crypto Asset and Cyber Unit, Division of Enforcement, SEC Kristy Littman, Fmr. Chief of Enforcement - Cyber Unit, SEC
Learn More →Moderator: Omar Khawaja, CISO, Highmark Health Mark Tomallo, SVP, CISO, Victoria’s Secret Mary Elizabeth Faulkner, CISO, Thrivent Financial Jeff Norem, Deputy CISO, Freddie Mac
Learn More →Moderator: Julian Meyrick, Managing Partner & Vice President, Security Strategy Risk & Compliance, Security Services, IBM James Lam, Board Director & ERM Author Evan Wheeler, Sr. Director, Technology Risk Management, Capital One Michael Meis, Associate CISO, KU Health
Learn More →Michael Meis, Associate CISO, KU Health
Learn More →John Button, Principal Enterprise Risk Advisor, Gartner
Learn More →Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix Prashanthi Koutha, Senior Risk Engineer, Netflix
Learn More →Krishna Sheshabhattar, Director, Security, Risk, and Compliance, Expedia Group Randy Spusta, Global Competency Leader, Security Strategy Risk & Compliance Practice, IBM Security
Learn More →Michael Radigan, Cyber Risk Advisor, Cisco
Learn More →Cedric de Carvalho, Head of Group Cyber Risk & Advisory, Richemont
Learn More →Omar Khawaja, CISO at Highmark Health on their BOSITE Framework
Learn More →Zach Cossairt, Information Risk Program Manager, Equinix
Learn More →Markus Kaufmann, CISO, Senior Director of Information Security, Funko Tom Callaghan, Co-Founder, C-Risk
Learn More →Tim Wynkoop, Sr. Information Security Risk Engineer, Equinix
Learn More →Andrew Retrum, Managing Director, US Security Program & Strategy Practice Lead, Protiviti Brenda Thayer, Senior Manager, Technology Risk, Fannie Mae David Severski, Senior Security Data Scientist, Cyentia Institute, Brenda Thayer, Senior Manager of Technology Risk, Fannie Mae, Tim Kelly, Senior Manager, Protiviti
Learn More →Wade Baker, Partner, Cyentia Institute David Severski, Senior Security Data Scientist, Cyentia Institute
Learn More →Matthew Tolbert, Sr. Cybersecurity Specialist, Supervision and Regulation, Fed Reserve Bank of Cleveland
Learn More →Jack Jones, Chairman, FAIR Institute and Derek Johnson, Senior Reporter, SC Media
Learn More →Bob Maley, Chief Security Officer, Black Kite
Learn More →Jack Jones, Chairman, FAIR Institute
Learn More →Larry Clinton, President, Internet Security Alliance (ISA)
Learn More →Douglas Hubbard, President, Hubbard Decision Research
Learn More →Moderator: Jack Jones, Chairman, FAIR Institute Daniel Stone, Associate Director, Security & Privacy, Protiviti Erin Macuga, Manager Risk and Information Security, Thrivent Financial Robert Immella, Global Leader of Cyber Risk Quantification, Caterpillar Inc Tyler Britton, Quantitative Cyber Risk Manager, DropBox Drew Brown, Information System Security Developer, FAA
Learn More →Jack Jones, Chairman FAIR Institute, Chief Risk Scientist, RiskLens Bryan Smith, CTO, RiskLens
Learn More →Preparing for the Quantum Threat to Cryptocurrency and Cryptography - Protiviti Sponsored Webinar
Learn More →
Hello and good morning. Welcome to our seminar today from the FAIR Institute where we will be diving into the Future of Cybersecurity Risk Measurement.
Learn More →Maturing A Quantitative Risk Management Program in the Federal Government
Learn More →Overcoming the Challenges of Mapping NIST CSF to FAIR-CAM™
Learn More →Unveiling My Cyber Risk Benchmark: Risk Quantification for All
Learn More →Critical Do’s and Don’ts of Cyber Risk Board Reporting
Learn More →Building a Quantitative Cyber Risk Program Based on FAIR
Learn More →The Cyentia Institute just released a new study that analyzes 2000 incidents affecting nonprofit organizations to derive estimates and parameters for loss event frequency, loss magnitude, common incident patterns, etc.
Learn More →
In the webinar “Operationalizing FAIR at a Healthcare Insurer and Provider: Initial Mis-Steps, Current Use Cases, and Future State," Greg and Jason will discuss how Highmark Health took the next steps after identifying Top Risks, some of the challenges they have faced, how they are currently using FAIR to drive decision-making, and what their vision for FAIR at Highmark looks like.
Learn More →FAIR is the most common quantitative methodology in the technology and operational risk field, enjoying wide adoption and abundant resources to help those getting started.
Learn More →After an organization has successfully conducted FAIR analyses*, many wonder how they can expand their use of risk quantification to better understand their overall cyber risk exposure.
Learn More →The FAIR™ Institute’s third annual Cyber Risk Management Maturity Benchmark Survey results are in, and show “a lot of opportunity left in the risk management space for improvement,” says survey report author and FAIR Institute Fellow Jack Freund, PhD.
Learn More →Presenters: Matt Kruse, FIS Global, Senior Director - Risk, Information Security and Compliance (RISC), FIS Global, Nick Corzine, Manager, Quantitative Cyber Risk Analysis, Centene
Learn More →Presenter: Tony Martin-Vegue - Sr. Information Security Risk Engineer/Netflix
Learn More →Here is the FAIR Institute's 3-part seminar on the business benefits of cyber risk quantification at RSA Conference 2021.
Learn More →Presenter: Jack Whitsitt - FAIR Institute Board Member, SIRA Board Member, Cybersecurity Psychologist
Learn More →Recording and slide deck below.
Learn More →Únase a nosotros para la presentación del seminario web de casos de uso, organizada por el Instituto FAIR en español, para aprender sobre el uso de FAIR para la implementación de un nuevo sistema de TI en Ascena Retail Group, una empresa de Fortune 500 en los Estados Unidos.
Learn More →Webinar recording and slide deck below.
Learn More →WEBINAR RECORDING AND SLIDE DECK BELOW
Learn More →The FAIR Institute and HITRUST® launched an effort to integrate FAIR™, the international standard for cyber risk quantification, with the HITRUST CSF, the cybersecurity controls framework in use at hundreds of thousands of organizations, including 75% of Fortune 200 companies.
Learn More →Frank Kim, Curriculum Director, SANS Institute
Learn More →Kristy Littman, Chief, Cyber Unit, Division of Enforcement, U.S. Securities and Exchange Commission (SEC)
Learn More →Moderator: Nick Sanna, President, FAIR Institute
Learn More →Moderator: Donna Gallaher, Board of Advisors, FAIR Institute
Learn More →Larry Clinton, President, ISA
Learn More →Tony Martin-Vegue, Sr. Information Security, Risk Engineer, Netflix
Learn More →Sarina Hothi, Security Project Manager, DoorDash
Learn More →John Linford, Forum Director, Security Forum & Open Trusted Technology Forum (OTTF), The Open Group
Learn More →Michele Wucker, Author, "The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore"
Learn More →We have all seen the value of running FAIR analysis across a number of business situations. But how can the output of FAIR analyses be applied to everyday business decisions?
Learn More →Douglas Hubbard, Author, "How to Measure Anything in Cybersecurity Risk"
Learn More →Moderator: James Lam
Learn More →Marshall Lambert, Team Lead, Cyber Risk Quantification, Highmark Health
Learn More →Anthony Corso, Assistant Commission, Office of the Victorian Information Commissioner
Learn More →Bill Barouski, Chief Information Risk Officer, Northern Trust Corporation
Learn More →Moderator: Sounil Yu, CISO, YL Ventures & Board of Advisor Member, FAIR Institute
Learn More →Welcome Remarks and Opening Keynote: Factoring Risk in Decision Making: How Better Risk Measurement Enables Better Decision-Making
Learn More →David Elfering, Senior Director of Information Security
Learn More →Omar Khawaja, CISO, Highmark Health
Learn More →Wade Baker, Partner & Co-Founder, Cyentia Institute; Member, Board of Advisors, FAIR Institute
Learn More →Matt Kruse, Senior Director - Risk, Information Security and Compliance (RISC), FIS Global
Learn More →Richard Barretto, Security Operations Manager, Cimpress Jack Freund, Fellow, FAIR Institute
Learn More →Reny Mathew, InfoSec Analyst, Cambia Health Solutions
Learn More →Emery Csulak, Principal Deputy Chief Information Officer, U.S. Department of Energy (DOE)
Learn More →Harold Marcenaro, Digital Risk Officer, Banco de Credito del Peru (BCP)
Learn More →Estimados especialistas de América Latina, La Conferencia FAIR 2020 (FAIRCON2020), la principal conferencia global de gestión de riesgos cuantitativos, se llevará a cabo digitalmente los días 6 y 7 de octubre (martes y miércoles).
Learn More →As organizations continue to adjust to the current digital climate security teams have had to shift their focus - enhancing work-from-home security measures, managing changes to the digital supply chain, monitoring the ever-expanding data universe - but recent research has shown that some businesses are ignoring some basic security principles, thus leaving themselves exposed to serious threats.
Learn More →Many information security teams are running risk assessments that are qualitative in nature and do not provide results in terms business leaders and decision makers can understand.
Learn More →This webinar is a step-by-step walk-through from the primary authors of Protiviti’s latest thought leadership piece, “Understanding Changes in Resilience Risks From Technology Advancements.”
Learn More →Listen in to learn how Financial Risk Quantification can assist in integration of Cybersecurity Risk and ERM.
Learn More →Assessing cybersecurity risk has taken on a new meaning as organizations shift toward virtual, and companies focusing on maintaining operations.
Learn More →How to Get Started with Quantification & FAIR
Learn More →The latest issue of the ISACA Journal) presents a detailed case study on the long-running FAIR™ program at Rock Holdings, Inc. (parent company of Quicken Loans and Rocket Loans), and how “FAIR implementation transformed the business’ enterprise risk management (ERM) program and risk culture.”
Learn More →Advantages of a Quantitative Approach to Cyber Risk
Learn More →Successfully managing today’s complex and dynamic cyber and technology risk landscape requires being able to prioritize well and communicate effectively to executive stakeholders.
Learn More →Security and Risk Management leaders are exploring various methodologies in measuring information risk.
Learn More →The military has leveraged the concept of situational awareness to improve decision-making, particularly in the face of uncertainty.
Learn More →NIST CSF is intended to help organizations become more risk-focused.
Learn More →Many companies are currently looking at work from home options for employees in response to the Coronavirus pandemic, while still maintaining control over sensitive corporate data.
Learn More →Risk management expectations are evolving, especially with regards to how risk is being measured and communicated.
Learn More →It was a meeting of the minds: FAIR model creator Jack Jones, who’s dedicated his career advocating for quantitative, critical thinking against the easy-button practices of conventional cyber risk management—and Michele Wucker, author of The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore, a highly acclaimed book that’s getting renewed buzz as a result of the “unforeseen” coronavirus crisis that was all along like a snorting gray rhino about to charge.
Learn More →Key Points from Jack Jones and CISOs on Adopting FAIR
Learn More →All slide decks are attached for download below.
Learn More →Organizations starting out on their FAIR journey have probably heard the pitch several times by now: the qualitative High Medium Low “risk ratings” don’t cut it anymore.
Learn More →If you are a private sector organization driving your security program forward with the NIST-CSF framework, or a U.S. Government Agency working to adhere to the NIST Framework for Improving Critical Infrastructure Cybersecurity, you're on the right track to better outcomes.
Learn More →Join Jack Freund, PhD. and co-author of the FAIR Book “Measuring and Managing Information Risk: A FAIR Approach” and our expert panel for this engaging webinar on Thursday, December 19 at 11 AM EST.
Learn More →Interactive discussion focusing on Highmark Health's two-year journey to implement quantitative cyber risk management methods.
Learn More →The Open Group FAIR cyber risk quantification framework aims to create a common risk language that all can understand across an organisation.
Learn More →Finding your team's "True North" when starting a FAIR program can be overwhelming.
Learn More →Please welcome to the stage Geoji Paul, Director of Information Security Risk at Centene and Nathan Thomack, Manager of Cybersecurity Risk Management at Emerson for their session “Various Stages of FAIR Adoption.”
Learn More →Thank you all for joining our panel session “Integrating Cyber Into ERM.”
Learn More →Day 2 Keynote Speaker, John Wheeler, Global Research Leader - Risk Management Technology at Gartner.
Learn More →At Walmart, the use of FAIR-based risk quantification methods enable decision makers to effectively evaluate cyber-insurance policies.
Learn More →The title of this presentation is “A Crash Course on Quantitative vs. Qualitative.” This presentation will help us answer the questions of should I adopt a formal risk model, and should I quantify risk.
Learn More →This session will provide actionable advice on satisfying board members’ appetite for cyber risk analysis on an equal, quantitative footing with enterprise risk analysis (ERM).
Learn More →A mutually beneficial relationship exists between threat intelligence and quantitative risk assessments via FAIR.
Learn More →Please welcome Keith Weinbaum, Enterprise Risk Management Architect at Quicken Loans.
Learn More →So, you’ve brought in FAIR into your organization. You got the executive buy-in, were trained, and are now a FAIR-shop.
Learn More →A growing list of financial services organizations are using FAIR to mature information risk management function and effectively address the most significant risks.
Learn More →Many organizations rely on risk management frameworks such as NIST CSF and HITRUST as guidance for building best practice cybersecurity programs.
Learn More →The next session “Defining the Goals of an Effective Risk Management Program” will include expert CISOs who are leaders of this movement and who will share their experience with us.
Learn More →Doug is the author of the books How to Measure Anything, How to Measure Anything in Cybersecurity Risk and The Failure of Risk Management and a consultant through Hubbard Decision Research.
Learn More →Securing our nation’s technology infrastructure against cyber-attacks is a top priority for Rep. Langevin.
Learn More →Managing Organizational and Third-party Risk in the Age of Digital Transformation: Practical Lessons and Data-influenced Considerations
Learn More →Real-life business decisions at some of the world's largest companies are being made every day based on quantitative risk assessments.
Learn More →For our opening keynote, I would like to introduce Jack Jones, author of FAIR and Chairman of the FAIR Institute, who will discuss , “Enabling Risk Management Programs That Actually Work.”
Learn More →The Cyber Risk Management Workgroup has now published a compilation of risk assessment guidelines from various regulatory and compliance entities intended to be used as an overview for practitioners.
Learn More →Attached is the Cyber Risk Management Workgroup Deliverable "Regulatory/Compliance Risk Assessment Overview for FAIR Practitioners"
Learn More →Our second annual Benchmark Survey Report to provide insights into the current state of the industry and how best to move forward.
Learn More →Video: 2018 Risk Management Maturity Benchmark Survey Results Webinar
Learn More →Have questions of where to start within the Institute? Want to find out how to best get started?
Learn More →Download attachment below.
Learn More →"We need effective risk management to make well-informed decisions and we need effective risk management to measure those decisions and, over time, sometimes a relatively short time, to challenge the status quo as our environments change and as we know and understand more.
Learn More →“Executives hate surprises” begins a new white paper, Managing Cybersecurity Surprises – the Executive’s Perspective, by FAIR model creator Jack Jones, and goes on to detail the four most likely reasons that organizations get blindsided by cybersecurity failures:
Learn More →Attached is the Cyber Risk Management Workgroup Deliverable "Regulatory/Compliance Risk Assessment Overview for FAIR Practitioners"
Learn More →Seasoned risk consultant and FAIR expert, Rebecca Merritt, of RiskLens will share her personal path to enlightenment (read: FAIR model!) as a former IT Auditor for a Big 4.
Learn More →Slide presentation from Jack Jones on how to better communicate to Boards.
Learn More →If you’ve been looking for an easy way to put into practice the concepts you learned in the FAIR Book, FAIR Training, or to test risk quantification before considering a commercial enterprise-level solution, FAIR-U is for you.
Learn More →This webinar is hosted on a monthly basis for new members to the Institute. It is an overview of the offerings of the Institute and the advantages of becoming an engaged member.
Learn More →Feel free to download and share the "About the FAIR Institute" presentation attached below to spread the word of FAIR and the FAIR Institute.
Learn More →This case study is designed as a scenario that would help to inform management about the significance of an emerging risk, such a ransomware.
Learn More →A global banking and financial services holding company with over $300B in total assets is preparing for the upcoming European Union General Data Protection Regulation (GDPR) and New York Department of Financial Services (NYDFS) cybersecurity regulations.
Learn More →A financial services institution with $10B in total assets was trying to determine if a move to Office 365 from their internally hosted Exchange Server made sense for the organization.
Learn More →A large healthcare supplier serving more than 150 million Americans operated a key fulfillment facility in an area threatened by natural disasters.
Learn More →The CISO at a global manufacturing company with $50 billion in revenue faced an all-too common problem: intellectual property (IP), critical to their success and position in their market, was scattered throughout the organization, exposing them to grave occurrences of IP ex-filtration.
Learn More →Our first annual Benchmark Survey Report and Webinar provide insights into the current state of the industry and how best to move forward.
Learn More →Our first annual Benchmark Survey Report and Webinar provide insights into the current state of the industry and how best to move forward.
Learn More →This article will provide insight into the factors that drive risk decisions, the role of business management and security experts in decision making, as well as the information that’s necessary in order to make well-informed risk decisions.
Learn More →In this white paper, Jack Jones shares five reasons why many organizations are, at best, realizing only one of many important objectives.
Learn More →With the advent of FAIR, organizations finally have a model that enables effective cyber risk measurement. As a result, this document will provide guidance and examples to help organizations improve their FAIR-based risk analyses using these data sources.
Learn More →People in the risk management profession routinely use the word “risk” in different ways. Although this may be fine in a non-professional setting, it presents significant challenges in terms of our ability to accurately and efficiently identify, measure, and communicate about risk.
Learn More →This paper describes at a high level a comparison of the relative efficacy of prioritizing risk remediation activities using qualitative versus quantitative methods.
Learn More →Find out if training can reduce risk associated with spear and regular phishing in this case study.
Learn More →Review a case study on how much credit card number tokenization can reduce the risk associated with the card datastore.
Learn More →Review a Big Data Case Study on Using a Risk-Based Approach for Information Security and Fraud Analytics.
Learn More →Understand how much risk is associated with different security encryption strategies related to cloud data.
Learn More →This document describes a more fundamental approach to defining and evaluating cyber risk management maturity.
Learn More →Learn from one of the most successful FAIR implementation teams.
Learn More →Join Jack Jones as he explains how NIST CSF and FAIR act as complements to one another.
Learn More →Applying Root Cause Analysis to a portfolio of issues can help identify and resolve systemic issues within your organization.
Learn More →