The CXOWARE Blog

Welcome to the CXOWARE blog. We hope you’ll join us for lively and good natured discussion about risk and risk issues!  We’re risk geeks, plain and simple. We’re big advocates of the Factor Analysis of Information Risk (FAIR) framework for quantifying risk.

Loss Table Webinar for the FAIR Community

Invitation to the FAIR (Factor Analysis of Information Risk) community: please join us for an educational webinar on how to simplify your loss magnitude estimates through the use of loss tables, and how to...

Read More

New Recorded Webinar on Risk Register

Jack Jones presented Reinventing the Risk Register: Correcting or Avoiding Problems That Can Cripple Cost-Effective Risk Management yesterday. We are pleased to provide both the recording and the slides. Should you have any questions...

Read More

If people managed their personal finances like information security manages risk

by: Jack Jones Imagine that you need to manage your personal finances, but there is one constraint in how you’re able to go about it, specifically: You can only measure income and spending using...

Read More

Announcing RiskCalibrator 1.1

The CXOWARE team is proud to announce version 1.1 of RiskCalibrator, our enterprise cybersecurity risk analysis application. The latest version adds new reporting abilities, cyber security budget tracking, and many other enhancements to improve...

Read More

Jack Jones at the RSA Conference 2/27 and 2/28

Our own Jack Jones is speaking at this weeks RSA Conference See him Thursday present “Ending Risk Management Groundhog Day” (10:40 AM – 11:40 AM | West | Room: 2011). Click to download the...

Read More

Groundhog Day

by: Jack Jones NOTE:  This post contains material that is part of a book on FAIR that I’m co-authoring with Jack Freund.  Please recognize that this material should be considered DRAFT in terms of...

Read More

Open FAIR Training

CXOWARE will be delivering a two-day training on FAIR-based risk analysis in conjunction with the Open Group conference in San Francisco Wednesday Feb. 5 and Thursday Feb. 6. This training is an ideal (and at...

Read More

NIST 800-30 – Room for Improvement

by: Jack Jones NIST’s risk assessment method follows a very logical process that should help analysts perform better, more consistent analyses.  And clearly, a lot of thought and effort went into its development.  That...

Read More

Richard Stiennon’s Presentation on Risk Management

By: Jack Jones Richard Stiennon recently posted a presentation on SlideShare called “Why Risk Management is Impossible” (http://www.slideshare.net/stiennon/risk-managementfalisitec13#).  Because I respect Richard’s intellect and experience I tend to take his proclamations seriously.  Consequently, I...

Read More

Already Certified?

What you need to know about the new Open FAIR Certification For many years CXOWARE has provided its own certification program to go along with the FAIR Analyst Training (both on-site and online). As...

Read More