December 2024 S M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Blog Stats
- 75,849 hits
Tag Archives: fair
FAIR (OpenFAIR Certified)
I took a class that Risklens teaches on the Factor Analysis of Information Risk. I really enjoyed the class. It was very good. That and I’ve been taught by Jack in the past… like 14 years ago when we were … Continue reading
Posted in Security Blog
Tagged achievement unlocked, fair, OpenFAIR
Comments Off on FAIR (OpenFAIR Certified)
Open FAIR Certified
I earned my Open FAIR certification today. So I got that going for me :)
Nashville GRC Conference and RSA Archer Summit
IIA ISACA GRC I was stationed in Millington, TN back in 1992 for Ordnance school and never made it over to Nashville. My buddies and I back in those days, were city boys and thought very little about Country music … Continue reading
Posted in Security Blog
Tagged fair, grc, IIA, ISACA, IT GRC, Jack Jones, Lynn Heiberger, Nashville, rsa, RSA Archer, RSA Archer Summit, RSA Conference
Comments Off on Nashville GRC Conference and RSA Archer Summit
Video: What Is Risk? The Bald Tire Scenario
Jack Jones presents the bald tire scenario. The Bald Tire Scenario http://www.fairinstitute.org/blog/video-what-is-risk-the-bald-tire-scenario
Posted in Security Blog
Tagged 2017, factor analysis information risk, fair, Jack Jones, risk management, video tutorial
Comments Off on Video: What Is Risk? The Bald Tire Scenario
Pragmatic Cyber Risk Quantification
ISC2 presents Jack Jones, founder of FAIR. Quantitative risk analysis is achievable, can be pragmatic, and can actually out-perform qualitative risk analysis in the face of complex issues like intelligent adversaries. Join Jack Jones, the original author of the Factor … Continue reading
Posted in Security Blog
Tagged 2016, 2017, cyber risk, factor analysis information risk, fair, risk, risk management
Comments Off on Pragmatic Cyber Risk Quantification
The NIST CyberSecurity Framework
According to Gartner, NIST says 30 percent of U.S. organizations used the framework in 2015, and it expects that percentage to grow to 50 percent by 2020.
RSA Conference 2016
This week, I’m at the Moscone center in San Francisco, learning from those who have learned the lessons through trials and tribulations and have experienced them in such a way that they have put them into practice, have gained passion … Continue reading
Posted in Security Blog
Tagged factor analysis information risk, fair, Jack Jones, risk analysis, rsa, RSA Conference
Comments Off on RSA Conference 2016
iRisk
iRisk, or the iRisk equation is another quantitative analysis formula. Like most quantitative analysis models, you solve for the risk by calculating the threat and vulnerability, and lower the risk when mitigating or compensating controls are added. Here is where … Continue reading
Posted in Security Blog
Tagged 2014, fair, irisk, ISO 27001, ISO 27005, NIST 800-39, NIST 800-53, octave, quantitative, risk analysis
Comments Off on iRisk
What’s the Risk?
When asked, what’s the risk? I find great pleasure in flexing my ability to break down potential loss in either qualitative or quantitative methods. The FAIR Quantitative Risk Model was taught to me by Jack Jones, the creator. I also … Continue reading
Posted in Security Blog
Tagged 2014, analysis, basel categories, example, fair, isra, qualitative, quantitative, risk analysis
Comments Off on What’s the Risk?