Jack Freund is Head of Cyber Risk Methodology at VisibleRisk. He is a leading authority on cyber risk quantification and is the co-author of “Measuring and Managing Information Risk: A FAIR Approach,” which has become a global standard. He is an expert at using risk quantification to implement, mature, and sell information risk and security programs.
We spoke to Jack at length about the cyber risk quantification market, best practices for getting started in quantifying cyber risk, and how to communicate risk to the C-suite and board of directors.
- Why you should quantify cyber risk
- How risk quantification in financial terms helps shape and improve your security decision making
- The current and future state of the cyber risk quantification market
- Criticisms, challenges and improvements to the FAIR standard
- Lessons learned and what to avoid when beginning a cyber risk quantification effort
- How to communicate cyber risk to the C-suite and board of directors
The book Jack coauthored on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016 and he is ISACA’s 2018 John W. Lainhart IV Common Body of Knowledge Award recipient. Jack’s writings have appeared in the ISSA Journal and Bell Labs Technical Journal and he currently writes a column for the @ISACA newsletter.