The FAIR Institute Recently Named One of the Most Important Industry Organizations
On March 9, 2019, SC Media named the FAIR Institute, one of N2K’s strategic partners, as one of the “Most Important Industry Organizations of the Last 30 Years” at the 2019 SC Awards during the RSA Conference in San Francisco. SC Media, which has for more than thirty years contributed to reporting and analysis on information security issues, introduced its 30th Anniversary Awards as a special category to honor those organizations who have “left an indelible imprint on the cybersecurity industry through their tireless work and visionary leadership.” The annual awards typically honor the best organizations and technology of the year, and for SC Magazine’s 30th anniversary they recognized the three best of the past three decades.
The award recognized the FAIR Institute’s “continued dedication to protecting enterprises from today’s sophisticated threats” and the efforts of the institute and its members “to fundamentally change how the industry is defining, thinking of, and managing risk.” SC Media’s recognition of FAIR (Factor Analysis of Information Risk) comes only three years after the institute’s founding, demonstrating FAIR’s increasing prominence globally and how its model is changing the way the information security industry thinks about cyber risk. As FAIR Institute president and secretary Nick Sanna stated after receiving the award, the recognition encourages the notion that through FAIR “cyber risk management can be conducted in the same solid financial basis that’s broadly accepted in enterprise risk management.”
Why N2K’s Partnership with the FAIR Institute Really Matters
N2K aligns its Board and Executive Cyber Risk Training programs to the FAIR model and has been a strategic partner with the FAIR Institute since 2018. Why? Because N2K sees the FAIR model as the future of cyber risk management. Not only does FAIR provide a sensible means to analyze and quantify cyber risk, but it also communicates that risk using anticipated financial loss ranges. It takes risk, which is traditionally considered a vague and technical topic in information security, and translates it into terms that business executives and senior leadership without an infosec background can easily understand. FAIR enables a more seamless delivery of programming to the executive audience in a straightforward format.
As Jack Jones, the Chairman of the FAIR Institute, told N2K in a recent interview, the FAIR model simplifies cyber risk, assigns real values to that risk, and defines fundamental concepts such as risk, threat, or vulnerability with clear and precise terminology.
The FAIR model can also assist an organization in designing its own cyber risk dashboard. Cyber risk dashboards can be used to track enterprise risks and potential risks associated with decision-making. By using FAIR’s quantitative breakdown of risk into measurable component categories, organizations can provide a readymade model through which to construct a dashboard to track an organization’s cyber risk. For an example, see N2K’s previous blog post, Making Cyber Risk FAIR: Measuring and Managing Digital Dangers.
Application of the FAIR model can greatly improve and empower the Chief Information Security Officer’s (CISO) ability to explain how much cyber risk an organization has, quantitatively, to board members and other C-suite executives.
N2K’s Resolve Executive Cyber Risk Training program is the ONLY board and executive training program on cyber risk endorsed by the FAIR Institute. Resolve’s Cyber Risk Program aligns its curriculum with the FAIR Institute because we share a common vision: bridging the gap between IT leaders and business leaders to bolster board members’ and senior executives’ understanding of cyber risk. The partnership helps raise awareness about the need for organizations to better quantify cyber risk.
Want to Learn More About Your Cyber Risk?
Interested in learning more about applying the FAIR model to measure cyber risk in your organization? Want to train your board and senior executives on how to better understand cyber risk? N2K can help.
Webinar: Cyber Risk Dashboards
Join N2K and the FAIR Institute for our free webinar on Thursday, March 21st on “Cyber Risk Dashboards: What the Board Wants & How FAIR Can Get You There.” Jeff Welgan, N2K’s Head of Executive Training Programs, will provide feedback from the boardroom about cyber risk dashboards, highlight some real world examples that fail to effectively communicate cyber risk, and provide his recommendation on how to best structure and design a meaningful board-level cyber risk dashboard.
Cyber Risk Training
If you want more information on measuring and managing cyber risk, be sure to also check out all of our Resolve board and executive training programs. N2K’s Digital Cyber Risk Training covers 25+ cyber risk topics, includes case studies, monthly newsletters and executive briefings, and subject matter expert interviews — including the full interview with the Fair Institute’s Jack Jones.
Additional Executive Programs
N2K also offers Deep-Dive Executive Cybersecurity Sessions, Executive-Level Cybersecurity Awareness training, and Cyber Breach Tabletop Exercises. Our training programs are designed to instill the knowledge necessary to confidently oversee cyber risk and ultimately help you protect your bottom line.
More About FAIR & the FAIR Institute
The FAIR Institute currently has more than 4,000 members from 87 different countries, including nearly 30% of the Fortune 1000 companies. The FAIR model is the only accredited (by Open Group) international standard quantitative model for information security and operational risk. Unlike other cyber risk models, FAIR quantifies cyber risk into easily understandable financial ranges–real, calculable numbers–and can improve organizational risk assessments.