The CXOWARE Blog

Welcome to the CXOWARE blog. We hope you’ll join us for lively and good natured discussion about risk and risk issues!  We’re risk geeks, plain and simple. We’re big advocates of the Factor Analysis of Information Risk (FAIR) framework for quantifying risk.

Announcing RiskCalibrator 1.1

The CXOWARE team is proud to announce version 1.1 of RiskCalibrator, our enterprise cybersecurity risk analysis application. The latest version adds new reporting abilities, cyber security budget tracking, and many other enhancements to improve...

Read More

Jack Jones at the RSA Conference 2/27 and 2/28

Our own Jack Jones is speaking at this weeks RSA Conference See him Thursday present “Ending Risk Management Groundhog Day” (10:40 AM – 11:40 AM | West | Room: 2011). Click to download the...

Read More

Groundhog Day

by: Jack Jones NOTE:  This post contains material that is part of a book on FAIR that I’m co-authoring with Jack Freund.  Please recognize that this material should be considered DRAFT in terms of...

Read More

Open FAIR Training

CXOWARE will be delivering a two-day training on FAIR-based risk analysis in conjunction with the Open Group conference in San Francisco Wednesday Feb. 5 and Thursday Feb. 6. This training is an ideal (and at...

Read More

NIST 800-30 – Room for Improvement

by: Jack Jones NIST’s risk assessment method follows a very logical process that should help analysts perform better, more consistent analyses.  And clearly, a lot of thought and effort went into its development.  That...

Read More

Richard Stiennon’s Presentation on Risk Management

By: Jack Jones Richard Stiennon recently posted a presentation on SlideShare called “Why Risk Management is Impossible” (http://www.slideshare.net/stiennon/risk-managementfalisitec13#).  Because I respect Richard’s intellect and experience I tend to take his proclamations seriously.  Consequently, I...

Read More

Already Certified?

What you need to know about the new Open FAIR Certification For many years CXOWARE has provided its own certification program to go along with the FAIR Analyst Training (both on-site and online). As...

Read More

I’m Writing a Book

by: Jack Freund Earlier this year my good friend Jack Jones and I entered into a contract with Elsevier imprint Butterworth-Heinemann to write a book on the risk assessment methodology FAIR. We will deliver...

Read More

A Question of Credibility

By: Jack Jones One of the concerns that people express regarding quantitative analysis is that, too often, people attribute undue credibility to any sort of quantitative analysis.  “If it’s in a spreadsheet, it must...

Read More

Tilting at Windmills (vol1)

By: Marty Miracle At the risk of sounding like I am just complaining to have something to complain about,  I am going to complain about something! I hate the concept of “inherent risk”! Whew, I...

Read More