The CXOWARE Blog

Welcome to the CXOWARE blog. We hope you’ll join us for lively and good natured discussion about risk and risk issues!  We’re risk geeks, plain and simple. We’re big advocates of the Factor Analysis of Information Risk (FAIR) framework for quantifying risk.

Fixing the RCSA - Free Webinar

18 December, 2014

Risk and Control Self-Assessments (RCSA’s) are often considered to be an important part of the risk management process, particularly in the financial industry.  Unfortunately, many RCSA’s suffer from one or more serious problems that can result in management being misinformed about risk.  In this session, Jack Jones will describe:

Read More

Fixing the Risk & Control Self-Assessment (RCSA) - Free Webinar

10 November, 2014 Featured, Blog Posts

Risk and Control Self-Assessments (RCSA’s) are often considered to be an important part of the risk management process, particularly in the financial industry. Unfortunately, many RCSA’s suffer from one or more serious problems that can result in management being misinformed about risk. In this session, Jack Jones will describe:

Read More

Risk Team + Threat Intel Team = Dream Team

01 October, 2014 Featured, Blog Posts

‘Threat’ is the big InfoSec word of 2014. Threat, threat intelligence, and threat profiling continue to be common themes palpable at every InfoSec conference this year. It seems like just recently we were talking about our new Red Team and now already we’re already talking about the organization’s new Threat Intelligence unit. Understanding threats is not a new concept; however, this latest approach is increasingly valuable to organizations that understand the value proposition of InfoSec: our ability to estimate how often losses occur and how bad those losses are. (Hey, that’s why you’re reading this blog, right?)

Read More

Effective Communication of Cybersecurity Risk with the C-Suite and Boardroom Outlined by CXOWARE Founder

05 September, 2014 News, Featured, Blog Posts

CXOWARE, a cybersecurity risk analysis solutions provider, today announced the release of Measuring and Managing Information Risk: A FAIR Approach a book co-authored by Jack Jones, President and Co-Founder. When Jack Jones first became a CISO at Fortune 100 financial services company, he was unable to find the tools he needed to answer questions from the board of directors such as:

  1. How much risk do we have?
  2. How much less risk will we have if we spend the money you’re requesting?
Read More

Effective Communication of Cybersecurity Risk with the C-Suite and Boardroom Outlined by CXOWARE Founder

05 September, 2014

CXOWARE, a cybersecurity risk analysis solutions provider, today announced the release of Measuring and Managing Information Risk: A FAIR Approach a book co-authored by Jack Jones, President and Co-Founder. When Jack Jones first became a CISO at Fortune 100 financial services company, he was unable to find the tools he needed to answer questions from the board of directors such as:

Read More

The Evolution of FAIR - Free Webinar

01 August, 2014 Blog Posts

What started more than a decade ago as a small set of fundamental risk analysis concepts and a spreadsheet has evolved to a broad, systemic set of ontologies and a powerful enterprise-class SaaS application. Along the way, FAIR has been adopted by organizations of all sizes and established as an international standard.

Read More

CXOWARE Unveils RiskCalibrator 2.0

31 July, 2014 News, Featured, Blog Posts

CXOWARE, a cybersecurity risk analysis solutions provider, today announced the release of RiskCalibrator 2.0. Built from the proven flagship solution RiskCalibrator, this updated software platform boasts advanced features including powerful “what if” analysis, root cause analysis, and issue management.

Read More

Loss Table Webinar for the FAIR Community

09 July, 2014 Blog Posts

Invitation to the FAIR (Factor Analysis of Information Risk) community: please join us for an educational webinar on how to simplify your loss magnitude estimates through the use of loss tables, and how to use them when quantifying risk management. http://bit.ly/LossTableWebinar

Read More

New Recorded Webinar on Risk Register

28 May, 2014 Featured, Blog Posts

Jack Jones presented Reinventing the Risk Register: Correcting or Avoiding Problems That Can Cripple Cost-Effective Risk Management yesterday. We are pleased to provide both the recording and the slides. Should you have any questions please submit them below.

Read More

If people managed their personal finances like information security manages risk

29 April, 2014 Blog Posts

Imagine that you need to manage your personal finances, but there is one constraint in how you’re able to go about it, specifically:

You can only measure income and spending using qualitative values (e.g., High, Medium-High, Medium, Medium-Low, and Low). There are no monetary figures involved.

Read More