The Impact of FAIR on Risk Management with Jack Jones

Welcome to Razorwire, the cutting-edge podcast where we slice through the complexity of cybersecurity and risk management to bring you insights from industry leaders. I’m your host, Jim and in today’s episode, we unravel the intricacies of FAIR (Factor Analysis of Information Risk) risk methodology with none other than its creator, Jack Jones. Jack’s groundbreaking approach has revolutionised how organisations perceive and approach information security risks. So, buckle up as we dive deep into the mind behind this transformative model.

In a fascinating session, Jack shares his journey in developing the FAIR risk methodology and its impact on the business landscape. From facing initial industry scepticism to achieving global recognition, Jack’s story is a testament to innovation and perseverance. Alongside the creation of the FAIR Institute and the adoption of his standards across various sectors, Jack also teases his upcoming book focused on the controls analytics model. We discuss the evolving landscape of risk management and the potential for FAIR to automate and improve cybersecurity practices. Get ready to have your perspective on risk quantification transformed!

Key Talking Points:

1. Demystifying FAIR – Discover how Jack Jones broke new ground with the FAIR risk methodology, demystifying risk management for businesses worldwide and why industry giants are adopting his model to navigate the complexities of cybersecurity.

2. Resistance and Triumph – Hear the compelling tale of how Jack overcame industry resistance, with some even suggesting criminal negligence, to establish a new paradigm in risk assessment now embodied in the FAIR Institute and the Open FAIR standard.

3. Risk Beyond Cybersecurity – Learn how the versatile FAIR model transcends cybersecurity, influencing financial product design, operational risk measurement and even natural disaster assessments – a testimony to its adaptability and Jack’s vision for its future potential.

For cybersecurity professionals eager to stay ahead of the curve and to refine their approach to risk management, this episode is not to be missed. Join us on Razorwire to hear the insights and backstories directly from the experts shaping the field.

“I did get some positive reactions from people in the industry, but I also got an email from someone in the industry … with a significant following and they wrote me a letter saying that I should be prosecuted for criminal negligence for having published this, that in his view, the word risk should be stricken from the English language.” 

– Jack Jones

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

– Fair Risk Methodology Overview: A novel approach to risk assessment that simplifies risk management by addressing subjective probability factors and incorporating control efficacy.

– Development and Inspiration: The origins of the methodology and how inspiration from physics led to a new model for measuring control effectiveness in risk management.

– Industry Reaction and Growth: An exploration of the initial pushback against the methodology, followed by its adoption by the Open Group and the subsequent rapid expansion globally.

– Founding of the FAIR Institute: The establishment of a dedicated institute to provide resources and community engagement around the FAIR methodology.

– Advancement through Collaboration: How input from various industry professionals has contributed to the enhancement of the FAIR model, exemplified by the new materiality assessment.

– Communication and Misunderstandings: The challenges faced in conveying the principles of FAIR, leading to some recommendations to alter the model and the need for clearer communication.

– Widespread Adoption and Consistency: The pride in the widespread application of the FAIR methodology across different business domains and its consistent framework over time.

– Future Expansions and Applications: The anticipation of new additions to the FAIR model and its application beyond security, including financial, operational and natural disaster risk assessments.

– Automation in Risk Quantification: The evolving trend towards using technology such as AI to automate cyber risk quantification for timelier and mainstream industry applications.

– Resources and Further Engagement: Information on resources for learning more about the FAIR methodology, upcoming publications and ways to connect with thought leaders in the field.

Guest Bio

Jack Jones

Chairman Emeritus of the FAIR Institute

Jack has worked in information security for over 35 years, 10 years of which as a CISO with three different companies, including a Fortune 100 company. His work was recognised in 2006 with the ISSA Excellence in the Field of Security Practices. Jack has received the CSO Compass award for risk management leadership and also had the privilege of participating in the ISACA task force that created the original RiskIT framework and led the development of ISACA’s CRISC certification programme. An adjunct instructor at Carnegie Mellon University, he teaches in the CISO executive programme. Jack also

created the Factor Analysis of Information Risk (FAIR) and FAIR-CAM models which have been adopted as international standards for measuring risk. In 2015, he co-authored a book on FAIR entitled Measuring and Managing Information Risk, a FAIR Approach, which was inducted into the Cyber

Security Canon in 2016.

Resources Mentioned

– FAIR risk methodology

– Jim’s recently released book, “The Cyber Sentinels Handbook”

– Kindle Unlimited

– RMI Solutions

– FAIR Institute

– FAIR controls analytics model (Faircam)

Other episodes you’ll enjoy

Cybersecurity in 2024: Expert Predictions You Need to Know

The Rise of Cyber Mercenaries: Governments’ Secret Weapons in Cyber Warfare

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com

Loved this episode? Leave us a review and rating here

All rights reserved. © Razorthorn Security LTD 2024


Follow Us