Cyber Risk Quantification with Jack Jones: FAIR Model and Data Broker Privacy
N2K NetworksAugust 13, 202529 min608 views
23 connections·40 entities in this video→August 2025 Patch Tuesday Roundup
- 💻 Microsoft addressed over 100 vulnerabilities, including a critical GDI+ remote code execution flaw, though none appear actively exploited.
- 🚀 Intel, AMD, and Nvidia released numerous advisories, patching high-severity flaws in drivers, firmware, and AI tools that could lead to privilege escalation or data tampering.
- 🏭 In the industrial control system space, vendors like Schneider Electric and Honeywell fixed critical code execution and privilege escalation vulnerabilities.
- 📄 Adobe updated over 60 vulnerabilities across 13 products, many being critical code execution flaws.
- 🌐 Fortinet and Ivanti released security patches, including a critical Fortiweb bug allowing unauthenticated remote code execution.
Emerging Threats and Vulnerabilities
- 💬 The Matrix Foundation patched two high-severity vulnerabilities in its open-source federated communications protocol, which could allow attackers to seize control of channels or predict room IDs.
- 🇷🇺 Bitdefender Labs detailed "Curly Comrades," a Russian-aligned APT targeting critical infrastructure in Georgia and Moldova with custom malware and credential theft techniques.
- 🎮 Researchers uncovered a malware campaign hiding the NjRat Remote Access Trojan in a fake Minecraft clone, designed to steal passwords and personal data.
- 🏍️ Motorcycle manufacturer Royal Enfield reportedly suffered a ransomware attack, leading to a temporary suspension of online ordering and some workshop services.
- 💰 The US Department of Justice detailed a major operation against the BlackSuit Ransomware Group, seizing servers, domains, and over $1 million in cryptocurrency.
Cyber Risk Quantification with Jack Jones
- 💡 Jack Jones, father of FAIR and FAIR-CAM, discussed the evolution of cyber risk quantification, stemming from his early CISO challenges at Nationwide Insurance.
- 📊 The Factor Analysis of Information Risk (FAIR) model defines risk as a loss event scenario, enabling clearer measurement and better decision-making.
- 📈 FAIR has been adopted as an open standard, taught in universities, and supported by the FAIR Institute with 17,000 global members.
- 🤖 Jones highlighted that the FAIR model's resilience allows it to be applied to new threats like AI and evolving risk landscapes, as the fundamental nature of risk remains constant.
- 🤝 For organizations looking to adopt FAIR, Jones recommends thorough research through the FAIR Institute and The Open Group, and encourages reaching out to the community for support.
Data Broker Privacy Challenges
- 🔍 A review by The Markup found that many data brokers bury their opt-out pages, making it difficult for users to exercise their right to delete personal information, often using deliberate code to hide these pages from search engines.
Knowledge graph40 entities · 23 connections
How they connect
An interactive map of every person, idea, and reference from this conversation. Hover to trace connections, click to explore.
Hover · drag to explore
40 entities
Chapters11 moments
Key Moments
Transcript102 segments
Full Transcript
Topics13 themes
What’s Discussed
Cyber Risk QuantificationFAIR ModelFAIR-CAMPatch TuesdayVulnerability ManagementRansomwareAPTRemote Access Trojan (RAT)Data BrokersPrivacyMatrix ProtocolNISTCybersecurity
Smart Objects40 · 23 links
Concepts· 10
Companies· 17
Products· 9
Person· 1
Medias· 2
Event· 1