The CXOWARE Blog

Welcome to the CXOWARE blog. We hope you’ll join us for lively and good-natured discussion about risk and risk issues! We’re risk geeks, plain and simple. We’re big advocates of the Factor Analysis of Information Risk (FAIR) framework for quantifying risk.

Effective Communication of Cybersecurity Risk with the C-Suite and Boardroom Outlined by CXOWARE Founder

By: Jack Jones

CXOWARE, a cybersecurity risk analysis solutions provider, today announced the release of Measuring and Managing Information Risk: A FAIR Approach, a book co-authored by Jack Jones, President and Co-Founder. When Jack Jones first became a CISO at a Fortune 100 financial services company, he was unable to find the tools he needed to answer questions from the board of directors such as:

  1. How much risk do we have?
  2. How much less risk will we have if we spend the money you’re requesting?

In his quest for answers, Mr. Jones developed the Factor Analysis of Information Risk (FAIR) methodology for quantifying risk. FAIR is now an industry-standard risk model adopted by The Open Group and has been in use by Fortune 100 companies and top financial organizations. Measuring and Managing Information Risk, co-authored by Jack Jones and Jack Freund, provides an easy and accessible way to learn the methodology as well as how to use it to develop business cases for key initiatives.

“I want to help CISOs become more effective and gain greater respect and influence by providing them with the tools needed to speak to senior executives. Using quantitative risk analysis enables them to translate technical security concerns into financial terms that executives readily understand. Information protection and cybersecurity are major concerns in today’s board room and our new book will help bridge the communication gap.” – Jack Jones, co-author.

With financially derived results and defensible answers to key risk management questions, companies can more cost-effectively manage how often losses are likely to occur and how bad those losses are when they do occur.

Measuring and Managing Information Risk: A FAIR Approach may be purchased at Amazon.com or at Store.Elsevier.com.

About The Author

Jack Jones
Jack Jones is the EVP of R&D and a Founder of RiskLens. He has worked in technology for over 30 years, the past 28 years in information security and risk management. He has a decade of experience as a Chief Information Security Officer (CISO) with three different companies, including a Fortune 100 financial services company. His work there was recognized in 2006 when he received the Information Systems Security Association (ISSA) Excellence in the Field of Security Practices award. In 2007, he was selected as a finalist for the Information Security Executive of the Year, Central United States, and in 2012, he was honored with the CSO Compass Award for leadership in risk management. Jones, who lives in Spokane, Washington, has served on the ISACA CRISC Certification Committee and RiskIT Task Force, as well as the ISC2 Ethics Committee. He is the author and creator of the Factor Analysis of Information Risk (FAIR) framework. He writes about that system in his book Measuring and Managing Information Risk: A FAIR Approach, which was inducted into the Cyber Security Canon in 2016, as a must-read in the profession.