Preface by Jack Jones

Two questions and two lame answers. Those were the catalyst in 2001 for developing FAIR. At the time, I was the newly minted CISO for Nationwide Insurance, and I was presenting my proposed security strategy to senior executives in hopes of getting additional funding. One of the executives listened politely to what I had to say, and asked two “simple” questions:
1. How much risk do we have?
2. How much less risk will we have if we spend the millions of dollars you’re asking for?
If he had asked me to talk more about the “vulnerabilities”[1] we had or the threats we faced, I could have talked all day. Unfortunately (or, I guess, fortunately), he didn’t. He wanted to understand what he was going to get in return for his money. To ...
