Jack Jones

Jack has worked in information security for over thirty-five years, ten years of which as a CISO with
three different companies, including a Fortune 100 company. His work was recognized in 2006 with the
ISSA Excellence in the Field of Security Practices award. In 2012 Jack received the CSO Compass
award for risk management leadership. Jack also had the privilege of participating in the ISACA task
force that created the original RiskIT framework, and he led the development of ISACA’s CRISC
certification program. An adjunct instructor at Carnegie Mellon University, he teaches in the CISO
executive program. Jack also created the “Factor Analysis of Information Risk” (FAIR) and FAIR-
CAM models which have been adopted as international standards for measuring risk. In 2015 he co-
authored a book on FAIR entitled “Measuring and Managing Information Risk, a FAIR Approach,”
which was inducted into the Cyber Security Canon in 2016.