Skip to content



Track: Decision & Risk Analysis

From Shamanism to Science — An Introduction to Factor Analysis of Information Risk

Monday, April 12, 4:30-5:10pm EDT

Cybercrimes profoundly affect their victims’ lives and the victimized organizations’ bottom lines. Unfortunately, the shiny tools and “best practice” checklists that comprise cyber risk management are more akin to medieval bloodletting — pernicious practices based on bad reasoning — than to sound analysis and critical thinking. After detailing the deficiencies of current practices, this talk presents Factor Analysis of Information Risk (FAIR), the field’s fastest-growing, most successful cybersecurity risk model — one tested in practice, grounded in sound theory, established as an international standard, and adopted by 40% of the Fortune 1000. Illustrated with use-cases and examples, you will learn to spot unreliable risk measurements and to help your company understand, measure, and manage cyber risk.

Jack Jones image

Jack Jones

Jack Jones

Chairman at The FAIR Institute; Co-founder & Chief Risk Scientist at RiskLens

Jack has worked in information security for over thirty-five years, including ten years of experience as a CISO with three different companies, including a Fortune 100 company. His work was recognized in 2006 with the ISSA Excellence in the Field of Security Practices award. In 2012 Jack received the CSO Compass award for risk management leadership. An adjunct professor at Carnegie Mellon University, he teaches in the CRO and CISO executive programs. Jack also created the “Factor Analysis of Information Risk” (FAIR) model adopted as an international standard. Currently, Jack is the Chief Risk Scientist at RiskLens and Chairman of the FAIR Institute, an award-winning global non-profit organization. He has also co-authored a book on FAIR entitled “Measuring and Managing Information Risk, A FAIR Approach,” which was inducted into the Cyber Security Canon in 2016.