Today I had an interesting conversation with Jack Jones. This is Jack’s second time on the show and I loved our discussion. It is a gem of learning and is packed with information that you can use right away. Jack was one of the first CISOs in the United States and he is the inventor of the FAIR model for analyzing Information Security Risk. Jack’s bio is extensive and here is a short list of his accomplishments.
How can I lower and reduce the Signal to Noise Ratio in my IT Security Program?
How can I apply rigorous and precise thinking to my IT Sec Program?
How can I quantify loss exposure within my IT Sec program?
So many people want to discuss how the pace of technology innovation is increasing complexity and also causing mistakes to happen. Many of them are human error. Not many people want to discuss how to solve this problem and how to deal with it.
Jack is different and his main goal is to slow down and apply logical and critical thinking to the process.
Jack Jones is widely considered a thought leader in risk management and information security. Jack has been employed in technology for the past thirty years; specializing in information security and risk management for twenty-four of those years. During this time he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award, and the 2012 CSO Compass Award for Leadership in Risk Management. Jack is the originator of the now industry standard risk management framework known as Factor Analysis of Information Risk (FAIR). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also recently co-authored a book on FAIR entitled “Measuring and Managing Information Risk – A FAIR Approach“. Today, Jack is the President of CXOWARE, Inc., serves on committees for both ISC(2) and ISACA, and is a regular speaker for national conferences.