Video with Slides

How to Achieve SEC Compliance with Real-time and Automated FAIR Solution - Safe Security Sponsored Webinar

New SEC Cyber Risk Disclosure Rules mandate transformation in how publicly traded companies identify, measure, and report on the cyber risks that hit the level of material impact. Businesses need to develop frameworks and processes to make this fundamental shift swiftly. But how? Join this sponsored webinar with Molly Slocum, Director of Product Management from our Technical Advisor, Safe Security, moderated by Jack Jones, author of the FAIR™ methodology and Chairman of FAIR Institute. Molly will present on how you can provide your organization with an automated, real-time, and quantitative risk management program based on FAIR™.

Get actionable insights on how to:

• Automate FAIR™ to measure the probable material impact of cyber risk
• Report on material cyber risks in financial terms that satisfy regulators and your Board
• Demonstrate a transparent cybersecurity strategy protecting investor interests using the most advanced, AI-driven solution

Plus, hear real customer use cases of how AI-driven Cyber Risk Quantification has equipped businesses to identify, measure, and communicate cyber risk in real-time.

Learn More →
PDF

An Introduction to the FAIR Materiality Assessment Model (FAIR-MAM™)

The FAIR Institute is releasing a new standard to help organizations assess the materiality of cybersecurity risk and incidents, called FAIR Materiality Assessment Model (FAIR-MAM™). FAIR-MAM expands the loss magnitude factor of the FAIR model, and provides a more detailed taxonomy and breakdown of loss categories driven by cybersecurity incidents.

Learn More →
Video

What the New SEC Regulation on Cyber Reporting Means for the Risk Management Profession - Webinar

As many of us know, the SEC Commissioners voted to adopt the proposed rule on cyber security. This rule aims to elevate the cyber risk reporting and management practices for public companies (registrants) in the US, to help investors in such companies consider the probable impact of cyber risk as they make investment decisions. This will be a forcing function for companies to adopt trusted cyber risk quantification (CRQ) models such as FAIR™ and adopt processes and tools that provide them with visibility into their material risks and incidents. Tune in to hear industry experts as they explain and discuss what this all means for the risk management profession. Key advice will be shared on how to navigate these new rules together and how CRQ is the top way you can help your organizations be compliant.

Learn More →
Video with Slides

Case Study- Improving Cyber Risk Visibility and Decision-Making with Maersk

Moving right along to our next session, allow me to introduce the Cyber Security Risk Team from Maersk. This case study session will provide a world class example of how Maersk is using quantification to improve cyber risk visibility and their companywide decision making. Here to present today are Pooya Alai and Rebekka Kurland!

Learn More →
Video with Slides

Keynote by Jack Jones - The Future of Cybersecurity Risk Measurement

Next up, we have the author and creator of the FAIR Model, Jack Jones with a new and forward-looking presentation on The Future of Cybersecurity Risk Measurement. Jack has worked in information security for over thirty-five years, ten years of which as a CISO with three different companies, including a Fortune 100 company. In 2012 Jack received the CSO Compass award for risk management leadership. An adjunct professor at Carnegie Mellon University, he teaches in the CRO and CISO executive programs. Jack created the “Factor Analysis of Information Risk” (FAIR) model which has been adopted as an international standard. Currently, Jack is the Chief Risk Scientist at RiskLens and Chairman of the FAIR Institute, our award-winning global non-profit organization with over 13,000 members worldwide. He has also co-authored a book on FAIR entitled “Measuring and Managing Information Risk, a FAIR Approach” which was inducted into the Cyber Security Canon in 2016.

Learn More →
Video with Slides

Keynote by Nick Sanna - How Risk Economics Can Help Us Win the Battle in Cyberspace

For our Opening Keynote, “How Risk Economics Can Help Us Win the Battle in Cyberspace”, it is my pleasure to introduce Nick Sanna, FAIR Institute Founder and President. Nick founded the FAIR Institute in 2016 as an expert non-profit organization due to a growing demand from an expanding FAIR community. The idea was to create a forum for learning about FAIR, for developing and sharing innovative best practices, and to serve as a platform for networking with peers. He was supported in this effort by the author of FAIR – Jack Jones, the Institute's Chairman - and industry representatives from companies such as Fannie Mae, Cisco, Bank of America, and Northern Trust. Outside of his volunteer work at the FAIR Institute, Nick is the CEO of RiskLens, a software company that has developed an enterprise platform based on FAIR and that acts as the Institute's Technical Advisor. Please welcome Nick Sanna!

Learn More →
Video with Slides

Case Study for Cyber Risk Quantification in Luxury Watchmaking with Richemont

Next up is our final case study for the day from Pierre Olodo, Cyber Risk Specialist at Richemont. Pierre will share two scenarios having to deal with CRQ when it comes to luxury watchmaking. A unique take on the craft! Help me welcome Pierre to the stage.

Learn More →
Video

Panel - What Does Effective Cyber Risk Oversight Look Like?

We have a stellar panel lined up. This session is titled “What Does Effective Cyber Risk Oversight Look Like?” and it will dive deeper into Nick’s presentation, and you will hear some real-life examples. The group will discuss the different roles around oversight and share leading practices on what works and works well. Help me welcome to the stage our panel moderated by Julian Meyrick:

• Phil Huggins, CISO, NHS England
• Jo Armstrong, Head of UK Card Technology Risk Management, Capital One
• Naomi Gilbert, Head of Cyber Resilience Policy, Dept. for Digital, Culture, Media and Sport
• Daniel May, Regional CISO, Commerzbank

Learn More →
Video

Panel - Communicating Cyber Risk to Management and the Board

Welcome back for our next panel session of the day focused on “Communicating Cyber Risk to Management and the Board”. We will be discussing the ever present and important topic of communication and will hear the best tips for performing it successfully. Joining us today are our panelists:

• Moderator: Jack Whitsitt, Director of Cyber Risk Quantification, Ostrich Cyber-Risk
• Keyun Ruan, Risk Economics and Quantification Lead, Google Cloud
• Cedric De Carvalho, Head of Group Cyber Risk & Advisory, Richemont

Learn More →
Video

Panel - Moving from a Compliance-Based to a Risk-Based Approach to Cybersecurity

I’m going to invite Jack Jones back to the stage to moderate a panel on “Moving from a Compliance-Based to a Risk-Based Approach to Cybersecurity” that will focus on the benefits and the how-tos of creating an effective strategy around this. Also help me welcome our panelists:

• Paul de Luca, Head of Cyber Risk, HPE
• Laura Voicu, Manager Security Assurance and Risk Management, InfoSec, Elastic
• Hardip Bharj, Head of Security Risk Management, SAP

Learn More →
Video with Slides

Approach and Lessons Learned From Building a Cyber Risk Quantification Program with Fresenius

Rolling right into our next case study session from the Fresenius Group. These presenters are going to talk about their experiences and share what they have learned from building a CRQ program. Let’s now welcome to the stage, David Steng, Director, Cyber Risk & Economics, Group Cybersecurity Office and Ferhat Yazgili, Senior Cyber Risk Manager from Fresenius Group.

Learn More →
Video with Slides

Europe Summit Closing Remarks with Tony Morbin, News Editor EU, Information Security Media Group

Finally, I am going to hand over the stage to Tony Morbin, Executive News Editor for the EU at Information Security Media Group. Tony has been working and writing in the information security space for years and was previously editor at IT Security Guru and SC Media UK. Tony has been speaking with you all today and listening to the presentations and will now help us close out the day with summary thoughts while relaying them to industry trends.

Learn More →
Video with Slides

Webinar - Understanding CRQ - A Buyers Guide Review V2

Jack Jones, Chairman, FAIR Institute; Author, FAIR™ Model

Learn More →
PDF

"Understanding Cyber Risk Quantification: The Buyer’s Guide" by Jack Jones - V2 Published 2023

From Jack Jones, Chairman of the FAIR Institute and creator of the FAIR model for cyber risk quantification (CRQ) — the definitive guide to understanding CRQ: What it is (and isn't), its value proposition and limitations, and facts regarding the misperceptions that are commonplace.

Learn More →
PDF

New Member Engagement Packet

A quick overview of the FAIR Institute to get you started.

Learn More →
PDF

An Introduction to the FAIR Controls Analytics Model (FAIR-CAM™)

Click below to download the white paper "An Introduction to the FAIR Controls Analytics Model (FAIR-CAM™)"

Learn More →
PDF

The FAIR Model

Download the internationally recognized standard FAIR model.

Learn More →
Video with Slides

GRC and CRQ - A (Good) Story of Codependency - Sponsored Webinar with Ostrich Cyber-Risk

In order to understand how best to plan for and execute Cyber Risk Quantification (CRQ) as a practice and a program, it’s best to start by understanding how it fits into more traditional Governance Risk Compliance (GRC). Leveraging a CRQ tool in a GRC program provides a means to measure cyber risk levels objectively. CRQ is not intended to ‘replace’ or ‘bolt on’ to an existing GRC program. Instead, CRQ informs an evolution of existing practices, and those practices plus CRQ must be taken into consideration as they blend into an enhanced approach to decision-making by leveraging the common ground: METRICS.

In this webinar, you will learn how GRC programs and CRQ tools together will help you:

• More accurately estimate and track exposure of financial losses
• Prioritize between compliance and regulation requirements
• Prioritize cyber investments, allocate budget and adjust strategy
• Highlight the decrease in potential financial losses to determine which regulatory or compliance requirement is worth investing in
• Inform stakeholders how you are meeting new cyber regulations

Learn More →
Video with Slides

Measurement Planning Webinar - Sponsored Webinar with Ostrich Cyber-Risk

Often, when getting started with CRQ, organizations tend to focus on how to quantify individual scenarios. While this is an important step, it soon becomes clear that measuring risk for decision support purposes requires a suite of scenarios working in combination to suit a variety of purposes. This “scenario suite” should be treated as one entity composed of individual scenarios that are collectively comparable, fit for purpose, re-useable, and sustainable. At this webinar, we will introduce the concept of developing a “Measurement Plan” to support this concept and we will touch on several techniques that can be used to assure your Cyber Risk Quantification work meets both current and future needs.

Learn More →
PDF

Today’s Best Practices for Cybersecurity Risk Measurement - FAIR Institute Seminar at RSAC23

At RSAC23 this week, FAIR Institute Chairman Jack Jones challenged an audience of 400 in two seminars to move beyond today’s common cyber risk measurement practices that don’t reliably measure risk and re-focus on some basic techniques advanced in Factor Analysis of Information Risk (FAIR™).

Learn More →
Video

How Government Can Help Manage Cyber Risk-The Example of the New Cybersecurity Framework in Jordan

H.E. Eng. Bassam Maharmeh, President, National Cyber Security Center of Jordan

Learn More →
Video

How to Address Common Cyber Risk Management Challenges with FAIR™

Osama Salah, Head of IT Information Security Transformation Program, Abu Dhabi Department of Finance

Learn More →
Video

How Risk Economics Can Help Us Win the Battle in Cyberspace

Nick Sanna, President, FAIR Institute, CEO, RiskLens, Board Member, ISA

Learn More →
Video

Advancing Cyber Risk Management Practices in Your Organization-Practical Tips and Next Steps

Mohamed Adbulrahim, Managing Director, Octopian Security, Co-Chair FAIR Chapter Jordan

Learn More →
Video

Improving Cyber Risk Visibility and Decision-Making-Practical Use Cases

Iman Khalid Al Marzouqi, Group Support Services Director, Alpha Dhabi Holding

Learn More →
Video

Measuring and Managing Cyber Risk Effectively-A FAIR Approach

Jack Jones, 3x CISO, Award-winning Author of the FAIR Model, Chairman, FAIR Institute, Chief Risk Scientist, RiskLens

Learn More →
Video

Creating National Cyber Risk and Governance Culture

• Ahmed Al-Qawasmi, Chief Internal Audit Officer, MEPS
• Majdi Armouti, CEO, Digital Haze
• Ismael Al-Hinti, Pres., Al Hussein Technical University
• Iyad Khorma, CEO, Aqaba Digital Hub

Learn More →
Video with Slides

Getting Your Money's Worth: Putting Your Controls Inventory to Work

Marta Palanques, Director of Risk Methodologies in Technology Risk Management at Capital One

Learn More →
Video with Slides

Case Study: Quantifying the Control and Risk Landscape Using FAIR-CAM

Tyler Britton, Quantitative Cyber Risk Manager at DropBox

Learn More →
Video

Fireside Chat-A Legislative and Policy Update on Cybersecurity and Risk Management

• Moderator: Larry Clinton, President, Internet Security Alliance (ISA)
• Mark Montgomery, Executive Director, CyberSolarium.org
• Frank Cilluffo, Commissioner, CSC

Learn More →
Video

Fireside Chat-What the Revised SEC Guidance on Cyber Risk Disclosures Means for You

• David Hirsch, Chief of the Crypto Asset and Cyber Unit, Division of Enforcement, SEC
• Kristy Littman, Fmr. Chief of Enforcement - Cyber Unit, SEC

Learn More →
Video

Panel: Driving Culture Change - From a Compliance to a Risk-based Approach to Cybersecurity

• Moderator: Omar Khawaja, CISO, Highmark Health
• Mark Tomallo, SVP, CISO, Victoria’s Secret
• Mary Elizabeth Faulkner, CISO, Thrivent Financial
• Jeff Norem, Deputy CISO, Freddie Mac

Learn More →
Video with Slides

Panel: Communicating Cyber Risk to the Board and the Business: How Is It Changing?

• Moderator: Julian Meyrick, Managing Partner & Vice President, Security Strategy Risk & Compliance, Security Services, IBM
• James Lam, Board Director & ERM Author
• Evan Wheeler, Sr. Director, Technology Risk Management, Capital One
• Michael Meis, Associate CISO, KU Health

Learn More →
Video with Slides

Managing Cyber Risk as a Strategic Enterprise Risk - John Button, Gartner

John Button, Principal Enterprise Risk Advisor, Gartner

Learn More →
Video with Slides

Case Study-Five Objections to FAIR and How to Overcome Them with Netflix

• Tony Martin-Vegue, Senior Information Security Risk Engineer, Netflix
• Prashanthi Koutha, Senior Risk Engineer, Netflix

Learn More →
Video with Slides

Presentation-Expedia Groups’ Approach to Build an Effective Security Risk MGT Program using FAIR

• Krishna Sheshabhattar, Director, Security, Risk, and Compliance, Expedia Group
• Randy Spusta, Global Competency Leader, Security Strategy Risk & Compliance Practice, IBM Security

Learn More →
Video with Slides

Case Study-Refining the “R” in GRC at Scale with Mike Radigan, Cisco

Michael Radigan, Cyber Risk Advisor, Cisco

Learn More →
Video with Slides

Case Study-Scaling FAIR for M&A & Beyond-Combining Bottom-Up and Top-Down Approaches with Richemont

Cedric de Carvalho, Head of Group Cyber Risk & Advisory, Richemont

Learn More →
Video with Slides

Presentation-Justifying the Value of Cybersecurity to the Business with Omar Khawaja

Omar Khawaja, CISO at Highmark Health on their BOSITE Framework

Learn More →
Video with Slides

Case Study-Harnessing The Voltage Effect to Scale our FAIR Risk Programs with Zach Cossairt, Equinix

Zach Cossairt, Information Risk Program Manager, Equinix

Learn More →
Video with Slides

Case Study-Embedding CRQ in the Infosec Governance Process of a Fast-Growing Pop Culture Retail Org.

• Markus Kaufmann, CISO, Senior Director of Information Security, Funko
• Tom Callaghan, Co-Founder, C-Risk

Learn More →
Video with Slides

Case Study-Building a Strong Foundation for your Quantitative Risk MGT Program with Tim Wynkoop

Tim Wynkoop, Sr. Information Security Risk Engineer, Equinix

Learn More →
Video with Slides

Panel-Scaling a Quantitative Risk Management Program

• Andrew Retrum, Managing Director, US Security Program & Strategy Practice Lead, Protiviti
• Brenda Thayer, Senior Manager, Technology Risk, Fannie Mae
• David Severski, Senior Security Data Scientist, Cyentia Institute
• Brenda Thayer, Senior Manager of Technology Risk, Fannie Mae
• Tim Kelly, Senior Manager, Protiviti

Learn More →
Video with Slides

Presentation-Unveiling the IRIS 2022-Bigger Scale, Greater Depth, and More Data for Your CRQ Program

• Wade Baker, Partner, Cyentia Institute
• David Severski, Senior Security Data Scientist, Cyentia Institute

Learn More →
Video with Slides

Presentation-Trends in Determining Systemic Cyber Risk for the Financial Services Industry

Matthew Tolbert, Sr. Cybersecurity Specialist, Supervision and Regulation, Fed Reserve Bank of Cleveland

Learn More →
Video with Slides

Closing Remarks with Derek Johnson and Jack Jones

Jack Jones, Chairman, FAIR Institute and Derek Johnson, Senior Reporter, SC Media

Learn More →
Video with Slides

Presentation-Scaling FAIR for Third Party Risk Management with Black Kite

Bob Maley, Chief Security Officer, Black Kite

Learn More →
Video with Slides

FAIRCON22 Welcome Address

Nick Sanna, President, FAIR Institute

Learn More →
Video with Slides

Keynote Address: Trusting Risk-Informed Decisions with Jack Jones

Jack Jones, Chairman, FAIR Institute

Learn More →
Video with Slides

Keynote - How Risk Economics Can Help Us Win the Battle in Cyberspace with Larry Clinton

Larry Clinton, President, Internet Security Alliance (ISA)

Learn More →
Video with Slides

Presentation: Subjective Judgements: Outperforming Your Current Best Experts with Doug Hubbard

Douglas Hubbard, President, Hubbard Decision Research

Learn More →
Video with Slides

Panel-CIS, NIST 800-53, ISO27000-Mapping Leading Control Frameworks to FAIR-CAM™

• Moderator: Jack Jones, Chairman, FAIR Institute
• Daniel Stone, Associate Director, Security & Privacy, Protiviti
• Erin Macuga, Manager Risk and Information Security, Thrivent Financial
• Robert Immella, Global Leader of Cyber Risk Quantification, Caterpillar Inc
• Tyler Britton, Quantitative Cyber Risk Manager, DropBox
• Drew Brown, Information System Security Developer, FAA

Learn More →
Video with Slides

Presentation-How to Scale FAIR Programs with Controls Analytics with RiskLens

• Jack Jones, Chairman FAIR Institute, Chief Risk Scientist, RiskLens
• Bryan Smith, CTO, RiskLens

Learn More →
Video with Slides

Preparing for the Quantum Threat to Cryptocurrency and Cryptography - Protiviti Sponsored Webinar

Learn More →
PDF

The Future of Cybersecurity Risk Measurement at RSAC22 - Slide Deck

Hello and good morning. Welcome to our seminar today from the FAIR Institute where we will be diving into the Future of Cybersecurity Risk Measurement.

Learn More →
Video

Maturing A Quantitative Risk Management Program in the Federal Government

Learn More →
Video

Overcoming the Challenges of Mapping NIST CSF to FAIR-CAM™

Learn More →
Video

Unveiling My Cyber Risk Benchmark: Risk Quantification for All

Learn More →
Video

Critical Do’s and Don’ts of Cyber Risk Board Reporting

Learn More →
Video

Building a Quantitative Cyber Risk Program Based on FAIR

Learn More →
PDF

New study demonstrating CRQ parameters

The Cyentia Institute just released a new study that analyzes 2000 incidents affecting nonprofit organizations to derive estimates and parameters for loss event frequency, loss magnitude, common incident patterns, etc.

Learn More →
Discussion Forum

FAIR-CAM™ FAQs

Learn More →
PDF

Description of the FAIR-CAM™ Standard

Download the white paper below.

Learn More →
Video with Slides

Operationalizing FAIR at a Healthcare Insurer and Provider - Advanced Track Meeting - Sept 23, 2021

In the webinar “Operationalizing FAIR at a Healthcare Insurer and Provider: Initial Mis-Steps, Current Use Cases, and Future State," Greg and Jason will discuss how Highmark Health took the next steps after identifying Top Risks, some of the challenges they have faced, how they are currently using FAIR to drive decision-making, and what their vision for FAIR at Highmark looks like.

Learn More →
Video with Slides

Common Use Cases of FAIR Analysis - Beginner Chapter Meeting #3 - September 15, 2021

FAIR is the most common quantitative methodology in the technology and operational risk field, enjoying wide adoption and abundant resources to help those getting started.

Learn More →
Video with Slides

Protiviti Sponsored Webinar - Establish Your Cyber Risk Management Baseline

After an organization has successfully conducted FAIR analyses, many wonder how they can expand their use of risk quantification to better understand their overall cyber risk exposure.

Learn More →
PDF

2019 Cyber Risk Management Maturity Benchmark Survey

The FAIR™ Institute’s third annual Cyber Risk Management Maturity Benchmark Survey results are in, and show “a lot of opportunity left in the risk management space for improvement,” says survey report author and FAIR Institute Fellow Jack Freund, PhD.

Learn More →
Video with Slides

FAIR Institute Chapter Meeting - Advanced Track Meeting 1 - Reporting Risk to the Board

Presenters: Matt Kruse, FIS Global, Senior Director - Risk, Information Security and Compliance (RISC), FIS Global; Nick Corzine, Manager, Quantitative Cyber Risk Analysis, Centene

Learn More →
Video with Slides

FAIR Institute Chapter Meeting - Incentivizing Better Risk Decisions: Lesson From Rogue Actuaries

Presenter: Tony Martin-Vegue - Sr. Information Security Risk Engineer/Netflix

Learn More →
Video with Slides

How to Manage and Communicate Cyber Risk in Business Terms - Association Seminar at RSAC21

Here is the FAIR Institute's 3-part seminar on the business benefits of cyber risk quantification at RSA Conference 2021.

Learn More →
Video with Slides

FAIR Institute Chapter Meeting - What They Didn't Teach You In Fair School

Presenter: Jack Whitsitt - FAIR Institute Board Member, SIRA Board Member, Cybersecurity Psychologist

Learn More →
Video with Slides

WEBINAR: Use Case Presentation on Using FAIR for the Implementation of a New System

Join us for the use case webinar presentation, hosted by the FAIR Institute in Spanish, to learn about using FAIR for the implementation of a new IT system at Ascena Retail Group, a Fortune 500 company in the United States.

Learn More →
Video with Slides

Measuring the Cyber Attack Surface - RiskRecon Sponsored Webinar Recording

Webinar recording and slide deck below.

Learn More →
PDF

FAIR Institute and HITRUST Plan Integration of FAIR Standard and HITRUST CSF

The FAIR Institute and HITRUST® launched an effort to integrate FAIR™, the international standard for cyber risk quantification, with the HITRUST CSF, the cybersecurity controls framework in use at hundreds of thousands of organizations, including 75% of Fortune 200 companies.

Learn More →
Video with Slides

C-Level Panel - Improving Decision Making through the Adoption of FAIR

Frank Kim, Curriculum Director, SANS Institute

Learn More →
Video with Slides

Clarifying SEC’s Expectations for Cyber Risk Disclosures

Kristy Littman, Chief, Cyber Unit, Division of Enforcement, U.S. Securities and Exchange Commission (SEC)

Learn More →
Video with Slides

Roundtable - A Strategic Approach to Defending the U.S. in Cyberspace

Moderator: Nick Sanna, President, FAIR Institute

Learn More →
Video with Slides

Use Case Panorama - How FAIR Analysis Improves Risk Communication and Decision Making

Moderator: Donna Gallaher, Board of Advisors, FAIR Institute

Learn More →
Video with Slides

Case Study - How FAIR Analyses Support Decision-Making at Netflix

Tony Martin-Vegue, Sr. Information Security, Risk Engineer, Netflix

Learn More →
Video with Slides

Presentation - Improving DevSecOps with FAIR at Doordash

Sarina Hothi, Security Project Manager, DoorDash

Learn More →
Video with Slides

Presentation - Updates to the Open FAIR Standards

John Linford, Forum Director, Security Forum & Open Trusted Technology Forum (OTTF), The Open Group

Learn More →
Video with Slides

Keynote Conversation-How to Help the Business Make the Right Decisions on Risks They Struggle to See

Michele Wucker, Author, "The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore"

Learn More →
Video with Slides

Case Study - Decision Making with FAIR - Quantification and The Rise of Class Action Lawsuits

We have all seen the value of running FAIR analysis across a number of business situations. But how can the output of FAIR analyses be applied to everyday business decisions?

Learn More →
Video with Slides

Presentation - The Team as a Measurement Instrument

Douglas Hubbard, Author, "How to Measure Anything in Cybersecurity Risk"

Learn More →
Video with Slides

Case Study - Building a Program with HITRUST & FAIR

Marshall Lambert, Team Lead, Cyber Risk Quantification, Highmark Health

Learn More →
Video with Slides

Case Study - Protecting Government Information and Assessing Controls at Scale

Anthony Corso, Assistant Commission, Office of the Victorian Information Commissioner

Learn More →
Video with Slides

Conversation - OCC Insights for Cyber Risk Assessments

Bill Barouski, Chief Information Risk Officer, Northern Trust Corporation

Learn More →
Video with Slides

Presentation - Drivers for IRM, Digital Transformation & Cost Optimization

Moderator: Sounil Yu, CISO, YL Ventures & Board of Advisor Member, FAIR Institute

Learn More →
Video with Slides

Opening Keynote: Factoring Risk in Decision Making: Better Risk Measurement Enables Better Decisions

Welcome Remarks and Opening Keynote: Factoring Risk in Decision Making: How Better Risk Measurement Enables Better Decision-Making

Learn More →
Video with Slides

Presentation - How to Rapidly Triage Issues and Findings to Focus on What Matters Most

David Elfering, Senior Director of Information Security

Learn More →
Video with Slides

Presentation - How Better Data Can Help Executives Make Better Decisions

Wade Baker, Partner & Co-Founder, Cyentia Institute; Member, Board of Advisors, FAIR Institute

Learn More →
Video with Slides

Case Study - Reporting Cyber Risk to the Board: Real Life Examples

Matt Kruse, Senior Director - Risk, Information Security and Compliance (RISC), FIS Global

Learn More →
Video with Slides

Presentation - Prioritizing NIST CSF Activities with FAIR

• Richard Barretto, Security Operations Manager, Cimpress
• Jack Freund, Fellow, FAIR Institute

Learn More →
Video with Slides

Case Study - Enhancing HIPAA Risk Assessment with FAIR

Reny Mathew, InfoSec Analyst, Cambia Health Solutions

Learn More →
Video with Slides

Case Study - Building A Quantitative Risk Management Program in the Federal Government

Emery Csulak, Principal Deputy Chief Information Officer, U.S. Department of Energy (DOE)

Learn More →
Video with Slides

Presentation - Support Your Company’s Digital Transformation during Times of Crisis

Harold Marcenaro, Digital Risk Officer, Banco de Credito del Peru (BCP)

Learn More →
Video with Slides

FAIR Institute Introductory Webinar for Latin America and South America

Dear specialists from Latin America, The FAIR Conference 2020 (FAIRCON2020), the premier global quantitative risk management conference, will be held digitally on October 6 and 7 (Tuesday and Wednesday).

Learn More →
Video with Slides

Weaving a Safer Web: Significant Risks from Insignificant Details - RiskRecon Sponsored Webinar

As organizations continue to adjust to the current digital climate, security teams have had to shift their focus - enhancing work-from-home security measures, managing changes to the digital supply chain, monitoring the ever-expanding data universe - but recent research has shown that some businesses are ignoring some basic security principles, thus leaving themselves exposed to serious threats.

Learn More →
Video with Slides

Rapid Risk Assessments: Identifying and Prioritizing Risks in Minutes Instead of Months - RiskLens

Many information security teams are running risk assessments that are qualitative in nature and do not provide results in terms business leaders and decision makers can understand.

Learn More →
Video with Slides

Using FAIR to Understand Change in Resilience Risk - Protiviti Sponsored Webinar

This webinar is a step-by-step walk-through from the primary authors of Protiviti’s latest thought leadership piece, “Understanding Changes in Resilience Risks From Technology Advancements.”

Learn More →
Video with Slides

How Financial Risk Quantification Can Help Federal Agencies Better Integrate Cybersec. Risk & ERM

Listen in to learn how Financial Risk Quantification can assist in integration of Cybersecurity Risk and ERM.

Learn More →
Video with Slides

Reducing Cybersecurity Risk by Automating Continuous Vendor Assessment - Sponsored by RiskRecon

Assessing cybersecurity risk has taken on a new meaning as organizations shift toward virtual, and companies focus on maintaining operations.

Learn More →
Video with Slides

Making Better Cyber and Technology Risk Decisions - Part 3 Webinar with Jack Jones

How to Get Started with Quantification & FAIR

Learn More →
PDF

ISACA Journal Case Study: ‘Building a Rock-Solid ERM Culture on FAIR™’

The latest issue of the ISACA Journal presents a detailed case study on the long-running FAIR™ program at Rock Holdings, Inc. (parent company of Quicken Loans and Rocket Loans), and how “FAIR implementation transformed the business’ enterprise risk management (ERM) program and risk culture.”

Learn More →
Video with Slides

Making Better Cyber and Technology Risk Decisions - Part 2 Webinar with Jack Jones

Advantages of a Quantitative Approach to Cyber Risk

Learn More →
Video with Slides

Making Better Cyber and Technology Risk Decisions - Part 1 Webinar with Jack Jones

Successfully managing today’s complex and dynamic cyber and technology risk landscape requires being able to prioritize well and communicate effectively to executive stakeholders.

Learn More →
Video with Slides

"Use Risk Quantification to Change Executive Priorities and Investments in Security" Webinar

Security and Risk Management leaders are exploring various methodologies in measuring information risk.

Learn More →
Video with Slides

Cyber Risk Through a Cyber Situational Awareness Lens - Webinar with Jack Jones

The military has leveraged the concept of situational awareness to improve decision-making, particularly in the face of uncertainty.

Learn More →
Video with Slides

Managing Cyber Risk with FAIR and NIST CSF - Webinar with Jack Jones

NIST CSF is intended to help organizations become more risk-focused.

Learn More →
Video with Slides

WEBINAR: Reducing Cyber Risk from Employees Working at Home Case Study

Many companies are currently looking at work from home options for employees in response to the Coronavirus pandemic, while still maintaining control over sensitive corporate data.

Learn More →
Video with Slides

RSAC20 Seminar Slides - A FAIR Approach to Cyber and Technology Risk Measurement

Risk management expectations are evolving, especially with regard to how risk is being measured and communicated.

Learn More →
Video with Slides

FAIR Institute Interview with Jack Jones and Michele Wucker, author of "The Gray Rhino"

It was a meeting of the minds: FAIR model creator Jack Jones, who’s dedicated his career to advocating for quantitative, critical thinking against the easy-button practices of conventional cyber risk management—and Michele Wucker, author of The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore, a highly acclaimed book that’s getting renewed buzz as a result of the “unforeseen” coronavirus crisis that was all along like a snorting gray rhino about to charge.

Learn More →
Video with Slides

FAIR Breakfast Meeting During RSAC20 - Building Effective Cyber Risk Management Programs that Work

Key Points from Jack Jones and CISOs on Adopting FAIR

Learn More →
Video with Slides

Webinar Recording-Fannie Mae Cyber Intelligence Team Drives Culture Change Around Risk Using FAIR

Organizations starting out on their FAIR journey have probably heard the pitch several times by now: the qualitative High Medium Low “risk ratings” don’t cut it anymore.

Learn More →
Video with Slides

Combining NIST CSF and FAIR to Drive Better Cyber Risk Decisions - RiskLens Sponsored Webinar

If you are a private sector organization driving your security program forward with the NIST-CSF framework, or a U.S. Government Agency working to adhere to the NIST Framework for Improving Critical Infrastructure Cybersecurity, you're on the right track to better outcomes.

Learn More →
Video with Slides

2019 Risk Management Maturity Benchmark Survey Results Webinar

Join Jack Freund, PhD, co-author of the FAIR Book “Measuring and Managing Information Risk: A FAIR Approach,” and our expert panel for this engaging webinar on Thursday, December 19 at 11 AM EST.

Learn More →
Video with Slides

Webinar: Quantified Cyber Risk Management: Three steps to success with Highmark Health

Interactive discussion focusing on Highmark Health's two-year journey to implement quantitative cyber risk management methods.

Learn More →
Video with Slides

Profiling organisation - FAIR Analysis - post by Denny Wan, Chair of the Sydney Local Chapter

The Open Group FAIR cyber risk quantification framework aims to create a common risk language that all can understand across an organisation.

Learn More →
Video with Slides

Am I Mature Enough to Adopt FAIR? - Uncovering the True Success Factors

Finding your team's "True North" when starting a FAIR program can be overwhelming.

Learn More →
Video with Slides

Various Stages of FAIR Adoption - Geoji Paul, Centene and Nathan Thomack, Emerson

Please welcome to the stage Geoji Paul, Director of Information Security Risk at Centene and Nathan Thomack, Manager of Cybersecurity Risk Management at Emerson for their session “Various Stages of FAIR Adoption.”

Learn More →
Video with Slides

Integrating Cyber Into ERM

Thank you all for joining our panel session “Integrating Cyber Into ERM.”

Learn More →
Video with Slides

Why Digital Business Needs IRM & Risk Quantification by John Wheeler, Gartner

Day 2 Keynote Speaker, John Wheeler, Global Research Leader - Risk Management Technology at Gartner.

Learn More →
Video with Slides

Using FAIR to take the Headache out of considering Cyber Insurance for your Business - Walmart

At Walmart, the use of FAIR-based risk quantification methods enables decision makers to effectively evaluate cyber-insurance policies.

Learn More →
Video with Slides

A Crash Course on Quantitative vs. Qualitative with Evan Wheeler

The title of this presentation is “A Crash Course on Quantitative vs. Qualitative.” This presentation will help us answer two questions: should I adopt a formal risk model, and should I quantify risk?

Learn More →
Video with Slides

Pen Testing Your Board Pitch: An Interactive Exercise

This session will provide actionable advice on satisfying board members’ appetite for cyber risk analysis on an equal, quantitative footing with enterprise risk analysis (ERM).

Learn More →
Video with Slides

Integrating Strategic Cyber Threat Intel and FAIR, Musso Shaikh, Cyber Threat Intel, Fannie Mae

A mutually beneficial relationship exists between threat intelligence and quantitative risk assessments via FAIR.

Learn More →
Video with Slides

Scoping Enterprise Risk Assessments - Keith Weinbaum, Quicken Loans

Please welcome Keith Weinbaum, Enterprise Risk Management Architect at Quicken Loans.

Learn More →
Video with Slides

Operationalizing Risk Quantification in Business Processes with Jack Whitsitt

So, you’ve brought FAIR into your organization. You got the executive buy-in, were trained, and are now a FAIR-shop.

Learn More →
Video with Slides

Closing the Risk Management Loop with Cyber Risk Quantification with Greg Rothauser

A growing list of financial services organizations are using FAIR to mature their information risk management function and effectively address the most significant risks.

Learn More →
Video with Slides

Building a Cybersecurity Program with a Risk Management Framework & FAIR

Many organizations rely on risk management frameworks such as NIST CSF and HITRUST as guidance for building best practice cybersecurity programs.

Learn More →
Video with Slides

CISO Panel: Defining the Goals of an Effective Risk Management Program

The next session “Defining the Goals of an Effective Risk Management Program” will include expert CISOs who are leaders of this movement and who will share their experience with us.

Learn More →
Video with Slides

How to Measure Risk with Limited and Messy Data: Overcoming the Myths by Doug Hubbard

Doug is the author of the books How to Measure Anything, How to Measure Anything in Cybersecurity Risk and The Failure of Risk Management and a consultant through Hubbard Decision Research.

Learn More →
Video with Slides

The View from U.S. Congress Cong. Jim Langevin, Co-Chair Congressional Cybersecurity Caucus

Securing our nation’s technology infrastructure against cyber-attacks is a top priority for Rep. Langevin.

Learn More →
Video with Slides

Managing Organizational and Third-party Risk in the Age of Digital Transformation

Managing Organizational and Third-party Risk in the Age of Digital Transformation: Practical Lessons and Data-influenced Considerations

Learn More →
Video with Slides

Use Case Panorama - How Quantification Enables Risk-Aligned Decision Making

Real-life business decisions at some of the world's largest companies are being made every day based on quantitative risk assessments.

Learn More →
Video with Slides

Enabling Risk Management Programs That Actually Work by Jack Jones, Chairman, FAIR Institute

For our opening keynote, I would like to introduce Jack Jones, author of FAIR and Chairman of the FAIR Institute, who will discuss “Enabling Risk Management Programs That Actually Work.”

Learn More →
PDF

Compilation of Risk Assessment Guidelines from Various Regulatory and Compliance Entities

The Cyber Risk Management Workgroup has now published a compilation of risk assessment guidelines from various regulatory and compliance entities intended to be used as an overview for practitioners.

Learn More →
PDF

Regulatory/Compliance Risk Assessment Overview for FAIR Practitioners

Attached is the Cyber Risk Management Workgroup Deliverable "Regulatory/Compliance Risk Assessment Overview for FAIR Practitioners"

Learn More →
PDF

The Road to Cyber Risk Maturity - 2018 Risk Management Maturity Benchmark Survey Report

Our second annual Benchmark Survey Report provides insights into the current state of the industry and how best to move forward.

Learn More →
Wistia Link

Video: 2018 Risk Management Maturity Benchmark Survey Results Webinar


Learn More →
Video with Slides

Member Engagement Packet for the FAIR Institute

Have questions about where to start within the Institute? Want to find out how to best get started?

Learn More →
Video with Slides

Board Oversight of Cyber Risk - Baseline Diagnostic Guide

Download attachment below.

Learn More →
PDF

Wheel of Fire Hits Stack - A New Way of Visualizing Effective Risk Management

"We need effective risk management to make well-informed decisions and we need effective risk management to measure those decisions and, over time, sometimes a relatively short time, to challenge the status quo as our environments change and as we know and understand more.

Learn More →
PDF

Jack Jones Managing Cybersecurity Surprises - the Executive’s Perspective

“Executives hate surprises” begins a new white paper, Managing Cybersecurity Surprises – the Executive’s Perspective, by FAIR model creator Jack Jones, and goes on to detail the four most likely reasons that organizations get blindsided by cybersecurity failures:

Learn More →
Video with Slides

Panel: How to communicate the value of FAIR to internal and external stakeholders

Attached is the Cyber Risk Management Workgroup Deliverable "Regulatory/Compliance Risk Assessment Overview for FAIR Practitioners"

Learn More →
Video with Slides

Awards Luncheon

Learn More →
Video with Slides

Technical Advisor, RiskLens Sponsored Webinar

Seasoned risk consultant and FAIR expert, Rebecca Merritt, of RiskLens will share her personal path to enlightenment (read: FAIR model!) as a former IT Auditor for a Big 4.

Learn More →
Video with Slides

Information Overload - How much do boards really need to know about cyber risk

Slide presentation from Jack Jones on how to better communicate to Boards.

Learn More →
Link to Website

FAIR-U Tool

If you’ve been looking for an easy way to put into practice the concepts you learned in the FAIR Book, FAIR Training, or to test risk quantification before considering a commercial enterprise-level solution, FAIR-U is for you.

Learn More →
Video with Slides

FAIR Institute Orientation Webinar for New Members

This webinar is hosted on a monthly basis for new members to the Institute. It is an overview of the offerings of the Institute and the advantages of becoming an engaged member.

Learn More →
Video with Slides

About the FAIR Institute

Feel free to download and share the "About the FAIR Institute" presentation attached below to spread the word of FAIR and the FAIR Institute.

Learn More →
PDF

Industrial Company Assesses Ransomware Threat - Sponsored by RiskLens

This case study is designed as a scenario that would help to inform management about the significance of an emerging risk, such as ransomware.

Learn More →
PDF

Financial Institution Prepares for GDPR and NYDFS Regulations Using RiskLens - Sponsored by RiskLens

A global banking and financial services holding company with over $300B in total assets is preparing for the upcoming European Union General Data Protection Regulation (GDPR) and New York Department of Financial Services (NYDFS) cybersecurity regulations.

Learn More →
PDF

Financial Institution calculates Risk Exposure in Moving to Office 365 - Sponsored by RiskLens

A financial services institution with $10B in total assets was trying to determine if a move to Office 365 from their internally hosted Exchange Server made sense for the organization.

Learn More →
PDF

Healthcare Supplier Uses RiskLens to Identify Business Continuity Strategy - Sponsored by RiskLens

A large healthcare supplier serving more than 150 million Americans operated a key fulfillment facility in an area threatened by natural disasters.

Learn More →
PDF

Manufacturing Company CISO Confidently Justifies IP Protection Project - Sponsored by RiskLens

The CISO at a global manufacturing company with $50 billion in revenue faced an all-too-common problem: intellectual property (IP), critical to their success and position in their market, was scattered throughout the organization, exposing them to grave occurrences of IP exfiltration.

Learn More →
Wistia Link

Video: 2017 Risk Management Maturity Benchmark Survey Results Webinar

Our first annual Benchmark Survey Report and Webinar provide insights into the current state of the industry and how best to move forward.

Learn More →
PDF

Where Do We Go From Here? 2017 Risk Management Maturity Benchmark Survey Results Report

Our first annual Benchmark Survey Report and Webinar provide insights into the current state of the industry and how best to move forward.

Learn More →
PDF

Improving Risk Decisions

This article will provide insight into the factors that drive risk decisions, the role of business management and security experts in decision making, as well as the information that’s necessary in order to make well-informed risk decisions.

Learn More →
PDF

The Failure of GRC

In this white paper, Jack Jones shares five reasons why many organizations are, at best, realizing only one of many important objectives.

Learn More →
PDF

Effectively Leveraging Data in FAIR Analyses

With the advent of FAIR, organizations finally have a model that enables effective cyber risk measurement. As a result, this document will provide guidance and examples to help organizations improve their FAIR-based risk analyses using these data sources.

Learn More →
PDF

A Clarification of "Risks"?

People in the risk management profession routinely use the word “risk” in different ways. Although this may be fine in a non-professional setting, it presents significant challenges in terms of our ability to accurately and efficiently identify, measure, and communicate about risk.

Learn More →
PDF

How You Prioritize, Matters

This paper describes at a high level a comparison of the relative efficacy of prioritizing risk remediation activities using qualitative versus quantitative methods.

Learn More →
PDF

Does Training Help Reduce Spear Phishing Risk?

Find out if training can reduce risk associated with spear and regular phishing in this case study.

Learn More →
PDF

Cost-Benefit of Implementing Credit Card Database Tokenization

Review a case study on how much credit card number tokenization can reduce the risk associated with the card datastore.

Learn More →
PDF

A Risk-Based Approach for Information Security and Fraud Analytics

Review a Big Data Case Study on Using a Risk-Based Approach for Information Security and Fraud Analytics.

Learn More →
PDF

Learning Institution Assesses Best Architecture To Secure Cloud App

Understand how much risk is associated with different security encryption strategies related to cloud data.

Learn More →
PDF

Cyber Risk Management Maturity

This document describes a more fundamental approach to defining and evaluating cyber risk management maturity.

Learn More →
Video with Slides

Building a Sustainable FAIR Program

Learn from one of the most successful FAIR implementation teams.

Learn More →
Video with Slides

Mapping NIST CSF & FAIR - Slides from the Data Utilization Workgroup Call (11/08/2017)

Join Jack Jones as he explains how NIST CSF and FAIR act as complements to one another.

Learn More →
PDF

Root-Cause Analysis - Break Out of Ground Hog Day

Applying Root Cause Analysis to a portfolio of issues can help identify and resolve systemic issues within your organization.

Learn More →