
EPISODE · Apr 3, 2024 · 41 MIN

The Impact of FAIR on Risk Management with Jack Jones

from Razorwire Cyber Security & InfoSec Insights

Welcome to Razorwire, the cutting-edge podcast where we slice through the complexity of cybersecurity and risk management to bring you insights from industry leaders. I’m your host, Jim, and in today’s episode, we unravel the intricacies of FAIR (Factor Analysis of Information Risk) risk methodology with none other than its creator, Jack Jones. Jack’s groundbreaking approach has revolutionised how organisations perceive and approach information security risks. So, buckle up as we dive deep into the mind behind this transformative model.

In a fascinating session, Jack shares his journey in developing the FAIR risk methodology and its impact on the business landscape. From facing initial industry scepticism to achieving global recognition, Jack's story is a testament to innovation and perseverance. Alongside the creation of the FAIR Institute and the adoption of his standards across various sectors, Jack also teases his upcoming book focused on the controls analytics model. We discuss the evolving landscape of risk management and the potential for FAIR to automate and improve cybersecurity practices. Get ready to have your perspective on risk quantification transformed!

Key Talking Points:

1. Demystifying FAIR - Discover how Jack Jones broke new ground with the FAIR risk methodology, demystifying risk management for businesses worldwide and why industry giants are adopting his model to navigate the complexities of cybersecurity.
2. Resistance and Triumph - Hear the compelling tale of how Jack overcame industry resistance, with some even suggesting criminal negligence, to establish a new paradigm in risk assessment now embodied in the FAIR Institute and the Open FAIR standard.
3. Risk Beyond Cybersecurity - Learn how the versatile FAIR model transcends cybersecurity, influencing financial product design, operational risk measurement and even natural disaster assessments - a testimony to its adaptability and Jack's vision for its future potential.

For cybersecurity professionals eager to stay ahead of the curve and to refine their approach to risk management, this episode is not to be missed. Join us on Razorwire to hear the insights and backstories directly from the experts shaping the field.

“I did get some positive reactions from people in the industry, but I also got an email from someone in the industry … with a significant following and they wrote me a letter saying that I should be prosecuted for criminal negligence for having published this, that in his view, the word risk should be stricken from the English language.” - Jack Jones

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

- FAIR Risk Methodology Overview: A novel approach to risk assessment that simplifies risk management by addressing subjective probability factors and incorporating control efficacy.
- Development and Inspiration: The origins of the methodology and how inspiration from physics led to a new model for measuring control effectiveness in risk management.
- Industry Reaction and Growth: An exploration of the initial pushback against the methodology, followed by its adoption by the Open Group and the subsequent rapid expansion globally.
- Founding of the FAIR Institute: The establishment of a dedicated institute to provide resources and community engagement around the FAIR methodology.
- Advancement through Collaboration: How input from various industry professionals has contributed to the enhancement of the FAIR model, exemplified by the new materiality assessment.
- Communication and Misunderstandings: The challenges faced in conveying the principles of FAIR, leading to some recommendations to alter the model and the need for clearer communication.
- Widespread Adoption and Consistency: The pride in the widespread application of the FAIR methodology across different business domains and its consistent framework over time.
- Future Expansions and Applications: The anticipation of new additions to the FAIR model and its application beyond security, including financial, operational and natural disaster risk assessments.
- Automation in Risk Quantification: The evolving trend towards using technology such as AI to automate cyber risk quantification for timelier and mainstream industry applications.
- Resources and Further Engagement: Information on resources for learning more about the FAIR methodology, upcoming publications and ways to connect with thought leaders in the field.

Guest Bio

Jack Jones
Chairman Emeritus of the FAIR Institute

Jack has worked in information security for over 35 years, 10 years of which as a CISO with three different companies, including a Fortune 100 company. His work was recognised in 2006 with the ISSA Excellence in the Field of Security Practices. Jack has received the CSO Compass award for risk management leadership and also had the privilege of participating in the ISACA task force that created the original RiskIT framework and led the development of ISACA’s CRISC certification programme. An adjunct instructor at Carnegie Mellon University, he teaches in the CISO executive programme. Jack also created the Factor Analysis of Information Risk (FAIR) and FAIR-CAM models which have been adopted as international standards for measuring risk. In 2015, he co-authored a book on FAIR entitled Measuring and Managing Information Risk, a FAIR Approach, which was inducted into the CyberSecurity Canon in 2016.

Resources Mentioned

- FAIR risk methodology
- Jim's recently released book, "The Cyber Sentinels Handbook"
- Kindle Unlimited
- RMI Solutions
- FAIR Institute
- FAIR controls analytics model (Faircam)

Other episodes you'll enjoy

Cybersecurity in 2024: Expert Predictions You Need to Know
https://www.razorthorn.com/cybersecurity-in-2024-expert-predictions-you-need-to-know/

The Rise of Cyber Mercenaries: Governments’ Secret Weapons in Cyber Warfare
https://www.razorthorn.com/the-rise-of-cyber-mercenaries-governments-secret-weapons-in-cyber-warfare/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email [email protected]. If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

LinkedIn: Razorthorn Security
YouTube: Razorthorn Security
Twitter: @RazorThornLTD
