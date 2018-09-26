RESTON, Va., Sept. 26, 2018 (GLOBE NEWSWIRE) -- The FAIR Institute, an expert, nonprofit organization led by information risk officers, CISOs and business executives to develop standard information and operational risk management practices, will be hosting its annual FAIR Conference (FAIRCON18) as a movement central for "cyber risk economics," the revolutionary approach to measuring and managing information risk enabled by the Factor Analysis of Information Risk (FAIR) model. The conference will be held October 16 and 17 in Pittsburgh, PA, co-hosted by Carnegie Mellon University's Software Engineering Institute and Heinz College of Information Systems and Public Policy, world centers for information security studies.



FAIR is the most widely accepted cyber value-at-risk (VaR) standard for measuring cybersecurity and operational risk in financial terms, freeing the risk profession from seat-of-the-pants qualitative estimation and opening the door to treating cyber risk on the same economic basis as other risk disciplines.

The FAIR Institute is a non-profit, professional organization that shepherds the FAIR standard and spreads the FAIR message through its website, training tools, university program, technology partnerships and extensive speaking engagements. Institute membership passed 3,500 in September of 2018, doubling in just one year. Institute Chairman Jack Jones is the creator of FAIR and author of Measuring and Managing Information Risk: A FAIR Approach . The Institute board recently added two prestigious new members: Zulfikar Ramzan , CTO at RSA Security, and Kim Jones , director, Cybersecurity Education Consortium at Arizona State University.

At current adoption rates, FAIR is projected to be in use at 30% of the Fortune 1000 by 2020, and FAIRCON18 is a strong indicator of that enthusiasm. The agenda includes presentations and participation from TIAA, E*TRADE Financial, MassMutual, Express Scripts, Bank of America, ADP and Fidelity. Some presentations of note include:

CISO Omar Khawaja's presentation on "Reporting to the Board: What got you here, won't get you there" Additional panels and presentations covering topics from cyber insurance coverage to ransomware response

The conference also offers two days of on-site training in hands-on application of the FAIR model, held on October 14 and 15.

"Time and risk wait for no one, and we're historically really bad at managing both," said Jack Jones. "In terms of risk, time lost in confusion or miscommunication can be an existential threat to business. What has been missing for so many, is a common yardstick for measuring risk, and a common lexicon for communicating what's truly at risk across the business. FAIR has proven itself a lingua franca for risk management, as evidenced by the collection of minds and influencers we've attracted to our organization, and the thirst of practitioners for learning the lessons they teach. We're very much looking forward to the lessons we all learn from each other at FAIRCON18."

About the FAIR Institute

The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives, created to develop and share standard information risk management practices based on FAIR. Factor Analysis of Information Risk (FAIR) is the only international standard analytics model for information security and operational risk. FAIR helps organizations quantify and manage risk from the business perspective and enables cost-effective decision-making. To learn more and get involved visit: www.fairinstitute.org .