BoC# 17: The Evolution of the Security Industry and Origins of the FAIR Model w/ Jack Jones

Jack Jones is one of the most well respected thought leaders in risk management and information security.  During his 30 years in the industry he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award, and the 2012 CSO Compass Award for Leadership in Risk Management.

Jack is the originator of the now industry standard risk measurement model known as Factor Analysis of Information Risk (FAIR). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also recently co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach", which has been inducted into the Cybersecurity Canon as a "must read" for professionals in the industry. Jack was also on the ISACA task force that developed the RiskIT framework, and he led the ISACA group that developed the CRISC certification.

Today, Jack is in charge of Research at RiskLens, Inc. and is a sought after speaker at national conferences and universities like Carnegie Mellon and Ohio State University. He is also the Chairman of The FAIR Institute (http://www.fairinstitute.org/), a non-profit organization led by information risk officers, CISOs and business executives to develop standard information risk management practices based on FAIR.