Riding the Cyber Risk Quantification Wave to RSA Conference 2020

February 21, 2020  Jeff B. Copeland


Our team is heading to San Francisco for the big security show on a wave of interest and excitement in FAIR™, cyber risk quantification, and the movement to ground cyber risk management on a foundation of financial analysis.

RSA Conference organizers themselves named FAIR (Factor Analysis of Information Risk) one of the themes of the year in the RSAC 2020 Trend Report (see #7 “Frameworks, Frameworks, Frameworks”). FAIR is at the foundation of the RiskLens FAIR Enterprise Model, the outcomes-focused approach to cyber risk management just announced.  Earlier this month, influential advisory firm Gartner named RiskLens in a report on integrated risk management, predicting “growing scrutiny on cyber exposures will drive demand for security-related business risk quantification.”

This year, the RSA Conference has designated an unprecedented amount of agenda time to FAIR education:  Jack Jones, creator of the FAIR model and Chief Risk Scientist for RiskLens, will lead two four-hour introductory courses on FAIR on Monday, February 24.

Note: the Jack Jones seminars are included in a Complimentary Expo Pass through the FAIR Institute. Please use the code “10UFAIRXP” for your pass. To register using the complimentary code, you will log into this RSA Conference page and click the “Register Now” Button. On the next page, under “New Registrations” you will enter the registration code in the box and click “Start New Registration.”

Several more FAIR practitioners will lead other conference sessions, including:

Tuesday, February 25, 2:20 PM

Speaking to Executives: Implementing Quantitative Risk in Cyber-Programs, with federal government risk managers on the panel.

February 27, 8:00 AM

Maturing Cyber-Risk Management Practices: Framework and Next Steps by Jack Freund, Risk Science Director of RiskLens and co-author with Jack Jones of Measuring and Managing Information Risk, the FAIR bible.

February 27, 1:30 PM

What’s in Your Risk Assessment? With FAIR program managers from ADP and PNC Bank.

Before the conference, The RiskLens Academy, our training team for cyber risk quantification and FAIR, will lead a FAIR Analysis Fundamentals Training Course, Sunday and Monday, February 23-24 for FAIR beginners.  We’re holding a few seats for last-minute signups – register here.

Our partners, the FAIR Institute (RiskLens is technical advisor) host a breakfast meeting during the conference, February 26, 7:30 – 10:30 AM, featuring Jack Jones and two FAIR leaders from RiskLens clients: Ascena Retail Group CISO Mark Tomallo and Fannie Mae CISO Christopher Porter. The topic: “Building an Effective Cyber Risk Management Program that Actually Works.” (The FAIR Institute will be taping the event for posting on their website in the near future.)

The RiskLens team is looking forward to seeing you at any or all of these events. Contact us to arrange a meeting at RSAC20.