
(ISC)² Security Congress 2021 - Career Center & Recordings

1778549 - Introduction to the Factor Analysis of Information Risk (FAIR) risk quantification standard

Oct 19, 2021 11:45am ‐ Oct 19, 2021 12:45pm

Credits: None available.


In 2020, FAIR Institute membership passed 10,000, representing more than 40% of the Fortune 1000, and spanning 118 countries. In only five years, use of this open standard approach to risk quantification has reached critical mass and is now recognized by NIST, COSO and HITRUST. Boardrooms are increasingly averse to risk colors and heat maps using ambiguous, ordinal scales. For centuries, the language of business risk has been in dollars and time. IT and cybersecurity risk must embrace the next evolutionary step and learn to speak this language with accuracy and confidence. This session will explore foundational measurement and quantification concepts, failures of current models and enlightening research. It will also introduce the global standard Factor Analysis of Information Risk (FAIR) concepts and ontology.

Learning Objectives:
  • Solidify understanding of typically ambiguous terms and concepts surrounding current IT risk management practice.
  • Demonstrate the failures of current qualitative risk management standards and processes.
  • Understand the basic concepts of the FAIR risk quantification framework and how its use can integrate IT/cyber risk into the broader business risk construct and discussion.


  • John R. Feezell, CISSP, PMP, Open FAIR, Program Manager, Client Trust, Risk, and Compliance, Kyndryl
Tags: Intermediate


  • 1.00 - CPE
