Jack Jones, Founder and President, Risk Management Insight
Jack A. Jones is the Founder of Risk Management Insight and a Visiting Scientist at Interhack Corporation. During his past twenty-seven years in information technology, Jack developed particular expertise in risk management. As Chief Information Security Officer at a Fortune 100 financial services company, he developed Factor Analysis of Information Risk (FAIR)---an unparalleled framework for understanding, analyzing, and measuring information risk.
Today, Jack's expertise in risk management and his FAIR methodology for quantifying risk are applied in Fortune 10 energy, Fortune 100 financial services, Fortune 100 technology, and Fortune 500 retail companies.
Jack helps move forward the state of the industry by actively supporting his clients in the use of quantitative risk management and by supporting industry organizations. He was featured in an article on the 9 Habits of Highly Successful CISO's in the July 2006 edition of Information Security Magazine. His work in that year was also recognized when he received the 2006 ISSA Excellence in the Field of Security Practices award. In 2007, Jack was selected as a finalist for the Information Security Executive of the Year, Central United States, and was a judge for the national Information Security Executive of the Year competition. From 2008 to 2009 he was also an invited member of an international task force involved in developing one of ISACA's latest publications: Enterprise Risk: Identify, Govern and Manage Risk, The Risk IT Framework.
Jack's industry experience includes United States military, government intelligence, consulting, financial services, and insurance. Jack holds these ISC2 certifications: CISM, CISSP, CISA.
About National Institute of Standards and Technology
Ten years ago, the CISO of a Fortune 100 insurance and financial services company set out to find the answers to the questions facing our industry. The result of his effort was Factor Analysis of Information Risk, better known as FAIR.
From solving small risk analysis to helping develop entire information risk management programs, RMI has consistently helped solve the hard problems with our unique approach to risk management.