2/15/2018
01:00 PM
Dark Reading
Products and Releases

FAIR Institute To Hold 3rd Annual FAIR Conference (FAIRCON18) At Carnegie Mellon University, Oct. 14-18, Focused On Advancing Cyber, Operational Risk Management

Carnegie Mellon University's Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy will host the industry's leading conference focused on managing cyber and operational risk from a business perspective.

RESTON, VA and PITTSBURGH, PA, Feb. 12, 2018—The FAIR Institute, an expert, nonprofit organization led by information risk officers, CISOs and business executives to develop standard information and operational risk management practices, today announced it will hold its flagship event, the 3rd annual FAIR Conference (FAIRCON18), Oct. 14 – 18, on the campus of Carnegie Mellon University in Pittsburgh.

The FAIR Institute is helping organizations move from a compliance-based approach to cybersecurity toward a business-aligned, risk-driven methodology, leveraging the Factor Analysis of Information Risk (FAIR) standard, the internationally recognized standard for modeling and quantifying information and operational risk. 

FAIRCON18 will be hosted by Carnegie Mellon’s Heinz College and Software Engineering Institute and will bring together global leaders in information technology, cybersecurity, and IT management. The CERT Cybersecurity Division of the SEI is the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks, and is highly regarded as a national asset in the field of information security. Heinz College offers the world’s number one ranked graduate program in Information Security, Policy, and Management, as well as groundbreaking executive education programs for CISOs and Chief Risk Officers.

Building on the success of the first two FAIR Conferences and a surge in FAIR Institute membership, now approaching 3,000 of the world’s leading security, technology and risk leaders, FAIRCON18 will officially expand in format to a multi-day event.

The event will feature in-depth training seminars, insightful presentations from industry leaders, candid executive and practitioner-led discussions and keynotes aimed at driving awareness, knowledge and the development of operational blueprints for building quantitative risk management programs. 

FAIRCON18 will attract C-suite officers and practitioners responsible for information and operational risk management decisions. The event will unite leaders in information and operational risk management to explore FAIR best practices that produce greater value and alignment with business goals. Interested parties are encouraged to register for the event as soon as possible as space is limited. 

To register visit: http://www.fairinstitute.org/faircon18

FAIRCON18 attendees will benefit by:

  • gaining strategic insight on information risk management from industry leaders;
  • learning about real-world implementations from FAIR Champions;
  • understanding how the FAIR standard is breaking down entrenched communication barriers between IT and the business, enabling cost-effective decision-making;
  • networking with industry peers; and
  • availing themselves of optional, in-depth FAIR training courses.

About Carnegie Mellon University’s Heinz College

The Heinz College of Information Systems and Public Policy is home to two internationally recognized graduate-level institutions at Carnegie Mellon University: the School of Information Systems and Management and the School of Public Policy and Management. This unique colocation, combined with its expertise in analytics, sets Heinz College apart in the areas of cybersecurity, health care, the future of work, smart cities, and arts & entertainment. In 2016, INFORMS named Heinz College the #1 academic program for Analytics Education. For more information, please visit www.heinz.cmu.edu.

About the FAIR Institute

The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives, created to develop and share standard information risk management practices based on FAIR. Factor Analysis of Information Risk (FAIR) is the only international standard analytics model for information security and operational risk. FAIR helps organizations quantify and manage risk from the business perspective and enables cost-effective decision-making. To learn more and get involved visit: www.fairinstitute.org.

###

Media Contact:

Stephen Ward

VP, Marketing

703.994.9349

[email protected]

 
