Tag Archives: fair

FAIR (OpenFAIR Certified)

I took a class that RiskLens teaches on the Factor Analysis of Information Risk. I really enjoyed the class. It was very good. That and I’ve been taught by Jack in the past… like 14 years ago when we were … Continue reading

Open FAIR Certified

I earned my Open FAIR certification today. So I got that going for me :)

Nashville GRC Conference and RSA Archer Summit

IIA ISACA GRC I was stationed in Millington, TN back in 1992 for Ordnance school and never made it over to Nashville. My buddies and I, back in those days, were city boys and thought very little about Country music … Continue reading

An Infographic to Implement an IT Governance, Risk, and Compliance Framework and a Risk Management Framework

I built an Infographic to Implement an IT Governance, Risk, and Compliance Framework and a Risk Management Framework. I do hope everyone finds it useful. A good solid framework is a critical foundation to lay for managing risk in businesses … Continue reading

Video: What Is Risk? The Bald Tire Scenario

Jack Jones presents the bald tire scenario: http://www.fairinstitute.org/blog/video-what-is-risk-the-bald-tire-scenario

Pragmatic Cyber Risk Quantification

ISC2 presents Jack Jones, founder of FAIR. Quantitative risk analysis is achievable, can be pragmatic, and can actually out-perform qualitative risk analysis in the face of complex issues like intelligent adversaries. Join Jack Jones, the original author of the Factor … Continue reading

The NIST CyberSecurity Framework

According to Gartner, NIST says 30 percent of U.S. organizations used the framework in 2015, and it expects that percentage to grow to 50 percent by 2020.

RSA Conference 2016

This week, I’m at the Moscone center in San Francisco, learning from those who have learned the lessons through trials and tribulations and have experienced them in such a way that they have put them into practice, have gained passion … Continue reading

iRisk

iRisk, or the iRisk equation, is another quantitative analysis formula. Like most quantitative analysis models, you solve for the risk by calculating the threat and vulnerability, and lower the risk when mitigating or compensating controls are added. Here is where … Continue reading

What’s the Risk?

When asked, “What’s the risk?”, I find great pleasure in flexing my ability to break down potential loss in either qualitative or quantitative methods. The FAIR Quantitative Risk Model was taught to me by Jack Jones, the creator. I also … Continue reading
