Podcasts about factor analysis

  • 35 podcasts
  • 61 episodes
  • 37m avg duration
  • 1 monthly new episode
  • Mar 4, 2025 latest

Latest podcast episodes about factor analysis

Quantitude
S6E16 Correspondence Analysis

Mar 4, 2025 · 46:41


In this week's episode Greg and Patrick shine a flashlight on correspondence analysis and find that this is an extraordinarily cool yet often neglected method similar to factor analysis but applied to nominal contingency tables. Along the way they also discuss online personality tests, marital therapy, modern antibiotics, the Newlywed Game, grand slams, the advantages of being flexible, disrespecting nominal variables, formally apologizing to linguists, Winnie the Pooh, VH1's Pop-Up Video, the witches of Macbeth, Wait Wait Don't Tell Me, and the downsides of Novocaine. Stay in contact with Quantitude! Web page: quantitudepod.org TwitterX: @quantitudepod YouTube: @quantitudepod Merch: redbubble.com

Quantitude
S6E14 Factor Rotation: But is it Art?

Feb 4, 2025 · 42:57


In this week's episode Greg and Patrick invoke the very personal interpretation of modern art as a framework for thinking about the exceedingly cool topic of rotation in exploratory factor analysis. Along the way they also discuss Venice Beach, haystacks, drug fronts, being insufferable, ignoramuses, .22's and stop signs, weak pivots, honking factors, pooping out matrices, the Gulf of America, twitchy eyeballs, big fat zeros, obliquity, and Extortomax.  Stay in contact with Quantitude! Web page: quantitudepod.org TwitterX: @quantitudepod YouTube: @quantitudepod Merch: redbubble.com

ACCA Insights
Risk culture: Accounting for cyber attack losses

Jul 23, 2024 · 15:25


In this episode we speak with Nick Sanna, founder of the FAIR Institute and President of Safe Security, about using the Factor Analysis of Information model, the only international standard for quantifying and accounting for cybersecurity and operational risks, including pervasive third-party risks as the world witnessed with the CrowdStrike incident. Nick explains how healthcare organisations in particular could be using this at scale to better assess and manage potential cyber incidents, considering the high-profile cyber attacks at United Health and the UK's NHS and, indeed, our current research on risk management in the healthcare sector.

Really Charlie
Deals Danger Destiny By John Lacasse

May 29, 2024 · 62:06


About the author of "DEALS DANGER DESTINY". So, if you thought a Renaissance Man was a thing of the past, think again. That opening quote was made by Dr. John LaCasse, who has ricocheted through life with ups and downs - ultimate highs and dismal lows. This high ridge walker from Montana became a wizard of wealth in Seattle as a successful yacht broker for 25 years. It brought him into relationships with business magnates such as Boeing, and Weyerhaeuser, political figures such as Secretary of State George Shultz, actor Gene Hackman, Prince Rainier III of Monaco, oceanographer Jacques Cousteau, Adriana Salinas de Gortari, and organized crime bosses Meyer Lansky and Johnny Carbone. Fast and Furious with Penthouse style, fast cars, and outlaw bikers… Being handed checks in the millions, drinking and smoking to excess—it was all real until one day it hit him: “Why am I living this life? Why am I letting this happen?” Even though marriage and fatherhood provided new sources of happiness and responsibility, the loss of two sons brought unimaginable grief. The piles of money meant nothing. Curiosity and education meant everything. John returned to school in middle age, but his attitude got him kicked out of three universities as he became reacquainted with "Who has the power." John ultimately prevailed with three terminal degrees including a Ph.D. in Education eLearning. Fearless John has waded into more than one situation with some interesting results. On a large transaction involving a meeting with the Chairman of Native Northwest Tribes, he realized he had no experience with Native Americans. When he showed up for the meeting, the tribal chairman motioned for John to take his seat across from him. John sat. The Chairman sat. They stared at each other. John raised his right hand and said, “How.” The Chairman leaned in and in a soft voice replied, “I have a master's degree, and I'm writing my Ph.D. dissertation on Biomass at the University of Washington, and I speak English.” That became a friendship that lasts to this day, and John carries a Chief Honor Blanket from The Confederated Tribes of the Colville Reservation. John LaCasse is the founding principal of Silvertip Research. A team organization connected through companion disciplines in Factor Analysis for Statistics, Economics, Econometrics, eLearning, and Education. He is a private pilot on land and sea. CAPT United States Merchant Marines.

Quantitude
S5E21 Multilevel Factor Analysis: But What Do The Factors Mean?!

Apr 9, 2024 · 47:28


In this week's episode, Greg and Patrick talk about the challenges of combining confirmatory factor analysis and multilevel data, and the underappreciated but absolutely critical role that theory plays in choosing the proper model for your constructs. Along the way they also discuss learning in a second language, torn meniscuseseses, concert C trumpets, nosy neighbors, forts of equations, artillery commanders, saluting cadets, the huffing closet, Hungry Hungry Hippos, Rock'em Sock'em Robots, lactose intolerance, Greg's ATM PIN, our circle of friend, and configural configurations. Stay in contact with Quantitude! Twitter: @quantitudepod Web page: quantitudepod.org Merch: redbubble.com

Level Up with Joshea
Here's why you keep being mistreated by Men. “The IT Factor Analysis”

Mar 24, 2024 · 30:55


Quantitude
S5E08 Confirmatory Composite Analysis: Enter the Hexagon

Nov 14, 2023 · 48:58


In today's episode, Greg and Patrick dig into Confirmatory Composite Analysis, a very clever way to get formative factors and their causal indicators into the traditional structural equation modeling framework, along with any other latent factors and their effect indicators that might already be in the model. Along the way they also mention full-contact Wordle, being grounded, spelling bees, state capitals, definitions of leadership, a many ways, rabbit or duck, set of steak knives, canonical correlation vs. Homer Simpson, secret sauce, Quantitude Word of the Day, Who's a good boy?, the man behind the curtain, Penn and Tellering, a new symbol, Beavis, and car stereo wiring diagrams. Stay in contact with Quantitude! Twitter: @quantitudepod Web page: quantitudepod.org Merch: redbubble.com

Quantitude
S5E07 Perspectives on Formative Factors & Causal Indicators

Nov 7, 2023 · 47:36


In today's episode, Patrick and Greg talk about the challenge of having causal indicators of formative factors within an analytical framework that is historically dominated by effect indicators and latent factors — and the critical importance of getting your arrows right. Along the way they also mention: self help books, habits, Hagrid and the giants, When Arrows Attack, The Handbook of SEM, the evil eye factor, defining your terms, the meaning of IS, minority reports, putting your fist through the office wall, lawyering, being deposed, How does it know?, doubling down, and bad JFK impressions. Stay in contact with Quantitude! Twitter: @quantitudepod Web page: quantitudepod.org Merch: redbubble.com

Quantitude
S5E06 Advanced Factor Structures

Oct 31, 2023 · 46:32


In today's episode, Patrick and Greg talk about fun extensions to the basic confirmatory factor model, including higher order models, bifactor or residualized models, and multitrait-multimethod models. Along the way they also mention microscope lab, burning ants, substitute teaching, Cool or Creepy?, Monet, Clueless, haystacks, hotdogs, What are you thinking?, pennies and pounds, party like it's 1904, potluck freeloaders, lips and a**holes, promiscuous models, and shock absorbers. Stay in contact with Quantitude! Twitter: @quantitudepod Web page: quantitudepod.org Merch: redbubble.com

Federal Drive with Tom Temin
How to quantify risk to your information so you can manage it better

Oct 11, 2023 · 9:24


You can't manage what you can't measure. That's the idea behind a professional association known as the FAIR Institute. FAIR stands for Factor Analysis of Information Risk. The group seeks to advance quantitative measurement and management of risk to information, including in federal organizations. To learn more about what information keepers need to know, Federal Drive Host Tom Temin spoke with the founder of the FAIR Institute, Nick Sanna.

Federal Drive with Tom Temin
How to quantify risk to your information so you can manage it better

Oct 11, 2023 · 9:39


You can't manage what you can't measure. That's the idea behind a professional association known as the FAIR Institute. FAIR stands for Factor Analysis of Information Risk. The group seeks to advance quantitative measurement and management of risk to information, including in federal organizations. To learn more about what information keepers need to know, Federal Drive Host Tom Temin spoke with the founder of the FAIR Institute, Nick Sanna.

Capability-Centric GRC & Cyber Security Podcast
Implementing Factor Analysis of Information Risk, with Tyler Britton, Cyber Risk Manager at Dropbox | GRC & Cyber Leaders

Mar 1, 2023 · 40:15


In this podcast edition, Tyler Britton, Cyber Risk Manager at Dropbox, joins Matthew Davies, VP of Product at SureCloud, to discuss Factor Analysis of Information Risk methodology and how he has embedded it in his organization, Dropbox. He explains his role as a Quantitative Cyber Risk Manager and goes through the challenges and benefits of implementing Factor Analysis of Information Risk (FAIR) methodology in organizations.

Caffeinated Risk
FAIR and ESRM, exploring common ground with Jack Freund

Feb 23, 2023 · 38:12


Factor Analysis of Information Risk (FAIR) and Enterprise Security Risk Management (ESRM) took different evolutionary paths yet share a lot more commonality than catchy 4 letter acronyms and mainstream adoption by notable organizations like NIST, The Open Group and ASIS International. Jack Freund personifies the term "risk management thought leader" with professional qualifications and public recognitions too long to list, but co-author of Measuring and Managing Information Risk can't go unmentioned since industry peers inducted this seminal title into the Cybersecurity Canon. With risk management discussions ranging from banking to defeating door locks, Dr. Freund was consistently insightful, humorous, and a delightful guest.

Value Hive Podcast
Dede Eyesan: How To Find Stocks That Return 10x in 10 Years

Jan 20, 2023 · 82:04


Hey Guys! This week's topic is about global outperformers and our guest Dede Eyesan is here to share his knowledge. Last year, Dede published a book titled Global Outperformers, where he studied listed companies that returned more than 1,000% in 10 years. Throughout this episode we get to know who Dede Eyesan is, the process of researching 10 baggers, what are some similarities 10 baggers share between themselves, the differences between a profitable vs an unprofitable 10 bagger, differences between geographies and how we should implement the lessons learned. Make sure to follow Dede on Twitter. Here is the time stamp below:
  • [0:00] Who is Dede Eyesan?
  • [6:00] Researching Companies that are 10 baggers.
  • [8:00] Factor Analysis on 10 baggers.
  • [16:00] Unprofitable Companies vs Profitable Companies
  • [20:00] Results of Market Cap vs Returns
  • [23:00] Returns and Geography: India
  • [35:00] Chinese Outperformers
  • [45:00] Japanese Outperformers
  • [55:00] Swedish Outperformers
  • [1:01:00] Implementing the Lessons Learned
  • [1:15:00] More from Dede and Closing Questions

Astro arXiv | all categories
Quasar Factor Analysis -- An Unsupervised and Probabilistic Quasar Continuum Prediction Algorithm with Latent Factor Analysis

Nov 23, 2022 · 1:14


Quasar Factor Analysis -- An Unsupervised and Probabilistic Quasar Continuum Prediction Algorithm with Latent Factor Analysis by Zechang Sun et al. on Wednesday 23 November. Since their first discovery, quasars have been essential probes of the distant Universe. However, due to our limited knowledge of its nature, predicting the intrinsic quasar continua has bottlenecked their usage. Existing methods of quasar continuum recovery often rely on a limited number of high-quality quasar spectra, which might not capture the full diversity of the quasar population. In this study, we propose an unsupervised probabilistic model, \textit{Quasar Factor Analysis} (QFA), which combines factor analysis (FA) with physical priors of the intergalactic medium (IGM) to overcome these limitations. QFA captures the posterior distribution of quasar continua through generatively modeling quasar spectra. We demonstrate that QFA can achieve the state-of-the-art performance, $\sim 2\%$ relative error, for continuum prediction in the Ly$\alpha$ forest region compared to previous methods. We further fit 90,678 $2

Astro arXiv | all categories
Quasar Factor Analysis -- An Unsupervised and Probabilistic Quasar Continuum Prediction Algorithm with Latent Factor Analysis

Nov 22, 2022 · 0:58


Quasar Factor Analysis -- An Unsupervised and Probabilistic Quasar Continuum Prediction Algorithm with Latent Factor Analysis by Zechang Sun et al. on Tuesday 22 November. Since their first discovery, quasars have been essential probes of the distant Universe. However, due to our limited knowledge of its nature, predicting the intrinsic quasar continua has bottlenecked their usage. Existing methods of quasar continuum recovery often rely on a limited number of high-quality quasar spectra, which might not capture the full diversity of the quasar population. In this study, we propose an unsupervised probabilistic model, \textit{Quasar Factor Analysis} (QFA), which combines factor analysis (FA) with physical priors of the intergalactic medium (IGM) to overcome these limitations. QFA captures the posterior distribution of quasar continua through generatively modeling quasar spectra. We demonstrate that QFA can achieve the state-of-the-art performance, $\sim 2\%$ relative error, for continuum prediction in the Ly$\alpha$ forest region compared to previous methods. We further fit 90,678 $2

Quantitude
S4E05 Moderated Nonlinear Factor Analysis: A Conversation with Dan Bauer

Oct 11, 2022 · 56:48


In this week's episode Patrick and Greg spend a wonderful, if not at times awkward, hour talking with Dan Bauer about the genesis, application, and future directions of what may be the world's worst acronym: MNLFA, or moderated nonlinear factor analysis. Along the way they also mention unsolicited help from teenagers, gold stars, acronyms, words that start with "ci", aggressive mice, manipulating your advisors, 2nd spouses, MoNoLiFa, Quantitube, rewiring your brain, $1M calculators, and mod mod.

Contabilidade Conectada
Ciência Aberta #72 - Factor Analysis of the Global Determinants of Sovereign Risk Ratings Applied to Brazil

Jul 31, 2022 · 85:02


An episode of the Ciência Aberta series, discussing the master's dissertation research from PPGCont/UnB: Factor Analysis of the Global Determinants of Sovereign Risk Ratings Applied to Brazil: Relevance of Electoral Political Cycles in Credit Assessments. Researcher: Valdemir Regis Ferreira de Oliveira (UnB). Advisor: Prof. Paulo Augusto Pettenuzzo de Britto, PhD (UnB). Host: Hellen Rayanne de Brito Reis (undergraduate student in Accounting Sciences, UnB). Link: http://www.ppgcont.unb.br/images/Dissertacoes/053_Dissertacao_Risco_Soberano_versao-final_Valdemir_Regis_Ferreira.pdf

People Analytics Deconstructed
Analytics in Practice: Using Factor Analysis to Evaluate Engagement Surveys, Part 2

Jul 22, 2022 · 27:59


In this episode, co-hosts Jennifer Miller and Ron Landis continue their conversation about developing a measure of employee engagement. This episode is the second part of a discussion about how to use a statistical technique called factor analysis to examine the dimensions of employee engagement. In this episode, we had conversations around these questions: What is rotation in factor analysis? How do we determine the number of factors to retain? How do we identify which items load on which factors? How do we interpret results? Key Takeaways: We should look at the results after rotating the initial solution. Factor rotation can be orthogonal or oblique. Oblique solutions allow for correlations between factors and orthogonal solutions force them to remain independent. In most situations, we would likely start with an oblique rotation. We can determine the number of factors using a few different approaches. Kaiser's criterion retains factors with eigenvalues greater than 1.00. A scree plot visualizes the eigenvalues of each factor from largest to smallest. We look for where the plot “flattens out” to determine the number of factors to retain. A parallel analysis simulates results from random data that have the same structure as our focal data (i.e., same number of observations and items) and produces associated eigenvalues. We compare our observed eigenvalues to those produced through the parallel analysis and retain those in which our eigenvalues are greater. When we associate a given item to a particular factor, we are looking for the largest loading. We generally set a cut of at least .30 or .40 to associate an item with a factor. If an item has no loadings higher than our cut, we will say the item doesn't load on any factor and discard from further analysis. If an item has a high loading on multiple factors, we will seek to understand why and may choose to either drop or retain the item based on the context. We ended the episode by briefly talking about confirmatory factor analysis (CFA) as an alternative to EFA.

MyPersonalFeed
15 - EM Algorithm & Factor Analysis

Jul 13, 2022 · 79:47


15 - EM Algorithm & Factor Analysis

People Analytics Deconstructed
Analytics in Practice: Using Factor Analysis to Evaluate Engagement Surveys, Part 1

Jul 8, 2022 · 28:32


In this episode, co-hosts Jennifer Miller and Ron Landis continue their conversation about developing a measure of employee engagement. In this episode they focus on how to use a statistical technique called factor analysis to examine the dimensions of employee engagement. In this episode, we had conversations around these questions: What is factor analysis? What is the difference between exploratory factor analysis (EFA) and confirmatory factor analysis (CFA)? What is the difference between an EFA and principal components analysis (PCA)? What format should the data be in to complete the EFA? How does EFA work? What is a loading matrix? Key Takeaways: A factor analysis is useful to determine whether you are measuring what you intend to measure with a survey. We continue our example of measuring engagement with four dimensions (satisfaction with manager, satisfaction with co-workers, satisfaction with compensation, satisfaction with working conditions). There are three main aspects to conducting an EFA. First, you need to decide on the type of analysis (i.e., PCA, EFA). Second, you need to rotate the solution. Third, you need to interpret the results. In this episode, we cover the first and part of the second steps in EFA. We also discussed the concept of a loading matrix. First, each item is correlated with each factor. Each correlation can be squared to get the percentage of variance explained. Second, the sum of all the squared values down a column are computed, which is the eigenvalue. Third, communality is determined by summing across the row for each item. Finally, the uniqueness can be computed by 1-communality. The ultimate goal is to associate each item with a factor. The initial solution will almost never allow us to see the underlying structure. The concept of rotation was briefly mentioned and is covered in additional detail in the next episode.

Portfolio Construction Forum
We must invest with a multi-factor mindset

Jun 17, 2022 · 23:06


Over the last couple of years, the value and growth styles in equity markets have traded dominance, with value recently gaining the upper hand as inflation and bond yields have increased sharply. But looking at funds through a simple value/growth style lens is not enough. We must take a multi-factor approach to analysing funds – including ESG, Quality, Size, amongst others – to reveal the full picture and ensure equity portfolios reflect the investor's longer-term philosophy and/or shorter term views. - Michael Furey, Delta Research & Advisory. Earn 0.50 CE/CPD hrs on Portfolio Construction Forum

The Get Cyber Resilient Show
Ep 88 | CISO persona types - with Mark O'Hare, APAC CISO at Mimecast

Feb 28, 2022 · 35:17


This week we are joined by Mimecast's Regional CISO for APAC, Mark O'Hare, who shines a light on the three common CISO persona types (the technical, the compliance, and the risk focused), their trademark strengths and how these personas can influence an organisation. We also discuss how and why MITRE ATT&CK Framework is useful and the utility of FAIR or Factor Analysis of Information Risk - including its strengths and where it falls short.

Ruminations..
Ramayan & Factor Analysis

Jan 3, 2022 · 17:31


We talk about Results & Sacrifices.

Nightshift Thoughts
CONAH EP2 - Multiple Factor Analysis

Nov 11, 2021 · 45:40


There are multiple factors we have to take into consideration when thinking about all things COVID, vaccinations and lockdowns. It's not as simple as believing that COVID-19 is the most deadly thing out there and how we are making rules based off of this justification that the negatives are outweighed by some greater positive; this is called applying a single factor. The majority of things in life require you to apply a multiple factor analysis; take driving a car, for example. However, today I will discuss some of the most important factors that we have to take into consideration in these recent times. These include factors such as is it really about health, personal freedom, economy, mental health, statistics and the repercussions of decisions.

Quantitude
S3E06: Item Parcels: What Could Possibly Go Wrong?!

Oct 12, 2021 · 51:58


In today's episode Patrick & Greg talk about the use of item parcels in latent variable modeling: what they are, what might motivate you to use them, and what unexpected complications can arise. Along the way they also mention wheel extenders, walking toward the light, logorrhea, party bands, corpse sniffing dogs, boxes of human heads, academic dunking, getting uppity, crane kicks, mic drops, and Sonya sweeping the leg. 

Quantitude
S3E03: Principal Components Analysis is your PAL

Sep 21, 2021 · 58:03


Greg and Patrick discuss Principal Components Analysis: what it is, what it absolutely isn't, and what kind of cool things it can do in its own right. Along the way, they discuss Twinkle Twinkle Little Star, the division symbol, Spider Pig, croissants & skewers, doing a nickel in the big house, jumping the starter solenoid, Ptolemy the Weenie, two fingers of whiskey, embracing the "but", the sexual lubricant data base, stylometry, bitcoin forensics, and bad Yelp reviews. 

Everything Kratom
Episode 14 - 8 Factor Analysis of Kratom and its Alkaloids

Sep 20, 2021 · 24:44


Today we look at a report published recently, "The Abuse Potential of Kratom According to the 8 Factors of the Controlled Substances Act: Implications for Regulation and Research". What are the findings from researchers around the world? There were a few interesting studies of note which I share with you on this episode. Check out the Everything Kratom Discord channel here! https://discord.gg/tTy4N4E2

CISO Tradecraft
CISO Tradecraft: More Risky Business with FAIR

Sep 17, 2021 · 42:53


In our 31 July 2021 Episode 42, Risky Business, we covered the basics of risk and risk assessment. This part 2 episode gets into the practical application of risk management using the FAIR model, or Factor Analysis of Information Risk. We explain key risk terminology and walk through examples of how to express risk using this model, as well as creating a meaningful way to explain to executives that is actionable. Risk Matrix Example; One Page FAIR Model; Measuring & Managing Information Risk; FAIR Wiki.

Quantitude
A Fireside History of Quant, part 2

Jul 20, 2021 · 59:35


Nursing their SPF-defying sunburns from SummerQamp 1, Patrick and Greg now find themselves in the woods by a roaring campfire, covered in bug spray. In this second summer installment they transition from previous conversations about the origins of statistics to the incredibly cool and often concurrent history of measurement. Grab a stick, pull up a log, and come roast a marshmallow with us!

The Lebenthal Report
Proposed tax law changes explained and value/growth factor analysis | The Lebenthal Report Episode #19

May 19, 2021 · 49:55


On this episode of The Lebenthal Report, Dominick Tavella and Michael Hartzman speak with Bennet Grutman, Partner at Davis & Grutman, LLP. Jordan Kimmel then joins the show to speak with Edward Matluck, President of Hedgemetrics, Inc.

The Lebenthal Report
Tax law changes explained and value/growth factor analysis

May 18, 2021 · 60:00


On this episode of The Lebenthal Report, Dominick Tavella and Michael Hartzman speak with Bennet Grutman, Partner at Davis & Grutman, LLP. Jordan Kimmel then joins the show to speak with Edward Matluck, President of Hedgemetrics, Inc.

Writers Drinking Coffee
Episode 91 – A Psychological Model for Character Building

Mar 9, 2021 · 35:42


In this episode, Dave, Chaz, and John briefly discuss character development using the "Big Five" model of personality before haring off on a number of predictable tangents. Also in this episode: everything Dave knows about factor analysis and psychological modeling (tl;dr: psychology is squishy); what Chaz doesn't know about "Aspects of the Novel:" by E.M. Forster (quite a bit, and seemingly proud of it); and John reminds Chaz to panic about being replaced by a computer. Also: MFAs are a dodgy proposition; the academic wing of the Tolkien industry; Freud sucks (Dave again); and how pantsing yourself into a corner is like failing to solve a Sudoku. Finally, a plea: "plotting" is fine, but can we please find an alternative to "pantsing"?!

Social Research Methods
#20 Factor Analysis

Dec 2, 2020 · 24:56


Factor analysis reduces complexity of data by extracting a few factors. It delivers underlying coordinates in an otherwise complicated set of variables. We use factor analysis for instance to understand the basic independent dimensions of personality. All slides to the entire series can be downloaded for free here: https://armintrost.de/en/professor/digital/social-research-methods/

Business of Cyber
BoC# 17: The Evolution of the Security Industry and Origins of the FAIR Model w/ Jack Jones

Oct 14, 2020 · 26:17


Jack Jones is one of the most well respected thought leaders in risk management and information security. During his 30 years in the industry he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award, and the 2012 CSO Compass Award for Leadership in Risk Management. Jack is the originator of the now industry standard risk measurement model known as Factor Analysis of Information Risk (FAIR). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also recently co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach", which has been inducted into the Cybersecurity Canon as a "must read" for professionals in the industry. Jack was also on the ISACA task force that developed the RiskIT framework, and he led the ISACA group that developed the CRISC certification. Today, Jack is in charge of Research at RiskLens, Inc. and is a sought after speaker at national conferences and universities like Carnegie Mellon and Ohio State University. He is also the Chairman of The FAIR Institute (http://www.fairinstitute.org/), a non-profit organization led by information risk officers, CISOs and business executives to develop standard information risk management practices based on FAIR.

The Mind Money Spectrum Podcast
#41. What does academia have to say about what really works when investing in stocks?

Sep 22, 2020 (58:05)


In this episode, Trishul and Aaron discuss the academic research that has informed investing strategies over the past 90 years. Value & Momentum, Modern Portfolio Theory, Efficient Market Hypothesis, Factor Analysis, Asset Allocation, and more. They cover everything you need to know to sound intelligent with your investment club. But the big picture is that all this knowledge won't increase your odds of beating the market. Even though many of these breakthroughs resulted in Nobel Prizes, as more investors flooded to adopt cutting-edge strategies, superlative returns became ever more elusive. It turns out some of these winning approaches do work some of the time, as theory would suggest. However, none of them work with sufficient consistency. Furthermore, it's likely impossible to identify the periods when a strategy will work as intended. In the end, you may be better off finding something better to do with your time and money than trying to outsmart the market.

Episode References:
  • MMS #2. Buying stocks can be fun, but don't fall into these common traps.
  • MMS #21. Why the VIX is useless.
  • Investing Forever - Why investing in one thing over another?
  • Investing Forever - Efficient Market Hypothesis
  • Modern Portfolio Theory
  • Idiosyncratic Risk
  • Benjamin Graham
  • Capital Asset Pricing Model
  • Fama French Three-Factor Model
  • Setting the Record Straight on Asset Allocation
  • Momentum Investing
  • Modern Portfolio Theory vs Behavioral Finance
  • WarGames (1983)
  • Obsoleted
  • Remain Solvent (Quote)
  • Value and Momentum Everywhere
  • Flash Boys by Lewis

Podcast Description: Welcome to The Mind Money Spectrum Podcast where your hosts Aaron Agte and Trishul Patel go beyond traditional finance questions to help you explore how to use your money to achieve the freedom you want in life. Aaron is a Financial Planner from the Bay Area, and Trishul is a Wealth Manager on the East Coast. For more information about Aaron, check out GraystoneAdvisor.com. And for more information on Trishul check out InvestingForever.com.
We thank you all for listening, and stay tuned for our latest episode on our website, MindMoneySpectrum.com.

Quantitude
Episode 22: Factor Analysis -- The Good, The Bad, & The Ugly

Apr 6, 2020 (63:11)


Greg and Patrick are inspired by possibly the greatest Western movie ever filmed as they navigate The Good, The Bad, and The Ugly of factor analysis. In addition to arguing that exploratory factor analysis isn't really exploratory and confirmatory factor analysis isn't really confirmatory, they adroitly traverse topics including sabbatical do-overs, Corona Academy, leeches, tall ship wine, grad school accomplishments, Roz from Monsters Inc., extraverted statisticians, bread pudding, obituaries, the statistician's greatest insult, factor analysis parties, playing with knives, and going toward the light.

Factor Analysis
EP207: A Fitbit, But For Plants

Apr 3, 2020 (11:17)


In this episode of Factor Analysis, we speak with electrical engineering expert Dr. Liang Dong, a professor in the Department of Electrical and Computer Engineering at Iowa State University. Dr. Dong is in the process of developing a Fitbit-like device for crops such as corn with the potential to lower the amount of money farmers put toward water — resulting in economical farming methods and cheaper foods on grocery store shelves.

Factor Analysis
EP206: CyberSafety during COVID-19

Mar 27, 2020 (10:30)


In this special #SocialDistancing episode of Factor Analysis, we speak with CyberSecurity expert and University Professor Doug Jacobson about the need for extra precaution as the world moves even further online. Dr. Jacobson offers insight and tips on what to be looking for, and how to avoid potentially costly mishaps online.

Factor Analysis
EP205: Coming Together at the Seams

Mar 20, 2020 (14:07)


James McCalley, London Professor of Power Systems Engineering in Iowa State's Department of Electrical Engineering, has spent more than a decade working with the National Renewable Energy Laboratory to evaluate methods of effectively connecting the main US power grid systems to allow efficient transfer of renewable energy from coast to coast. Dr. McCalley recently sat down with Factor Analysis to explain the challenges and obstacles, as well as the benefits of this study.

Factor Analysis
EP203: Engineering Apple Park to “Think Different”

Feb 7, 2020 (14:04)


When you are engineering a project for one of the largest and most profitable companies in the world, perfection isn’t an option … it’s a requirement. In this episode of Factor Analysis, we dive into conversation with Eric Borchers, a 2005 civil engineering graduate and one of the engineers to work on Apple Park, Apple’s new global headquarters in Cupertino, California. Borchers takes us inside some of the unique features of the campus and explains the complexities surrounding a project of this size and importance.

Quantitude
Episode 13: How Do I Get Scale Scores? Weight, Weight... Don't Tell Me...

Feb 3, 2020 (62:07)


Greg and Patrick pursue several topics raised on prior episodes on scale reliability and measurement invariance to their logical conclusion. Namely, they ponder the multitude of persnickety issues associated with putting a set of items into the psychometric sausage maker to grind out scale scores for use in subsequent analysis. In addition to bickering with one another over a host of trivial issues, they also discuss Neil Peart, needless aggression, time travel, rapping the MMPI, paying the reaper, pokes in the eye, circling the drain, and using the word "imbricate."

Quantitude
Episode 12: Measurement (Non)Invariance -- Can We Ever Fail to Not Incorrectly Reject It?

Jan 27, 2020 (65:28)


In this episode, Patrick and Greg respond to a call-in question that raises a host of issues revolving around measurement invariance testing. In addition to complaining about horrible terminology commonly used in quantitative methodology, they also address pirate mothers, irreverence, time machines, quadruple negatives, buying firewood, digging up bodies, the Schotz clock, and dumpster fires. There are also return appearances of Whac-a-Mole and the poking stick.

Factor Analysis
EP201: Learning the Language of Tomorrow's Problem Solving

Jan 10, 2020 (12:07)


Years from now, a child could walk into an implement dealership and see robots for sale alongside tractors and combines. So students at Iowa State are finding themselves on the edge of a new frontier in agricultural technology. How do Iowa State faculty prep those students for the future of precision agriculture? Hear from John Haughery, an assistant professor of agricultural and biosystems engineering, in this episode of Factor Analysis.

Quantitude
Episode 9: Grumpy Old Man & Village Idiot Argue About Reliability

Jan 7, 2020 (63:18)


In this first episode of 2020, Greg and Patrick welcome the new year by offering what listeners have come to expect: no apparent plan for the episode, followed by rambling, circular, and barely internally-consistent discussion. At least they are, well, reliable. In fact, their meanderings lead them to a discussion of just that topic -- reliability. In an impromptu segment they call "Grumpy Old Man & Village Idiot" the Quanti-dudes talk about the often-forgotten but absolutely critical importance of securing high quality measures when addressing substantive research questions, and the severe consequences of failing to do so. In addition to grousing about reliability, they also discuss: questions you can ask in a dissertation defense when you have no idea what is actually going on, Walmart bathroom scales, frisbees on the lawn, toxic masculinity, carnival barkers, sunscreen, Clint Eastwood, and sibling IQ tests. Easter egg alert: listen for a hidden bark from Greg's dog Gus who wants to be let outside!

Factor Analysis
EP111: Brewing Up New Uses For An Engineering Degree

Dec 20, 2019 (17:16)


“Bringing people together over good beer,” is a motto for the owners of Limestone Brewers in Osage, Iowa. During this season of feasting and fine drink, we talk with Josh Olson, a 1999 graduate of Iowa State’s Department of Agricultural and Biosystems Engineering and co-founder of the brewery. We’ll learn how Josh’s engineering mind is a perfect fit for the booming craft beer industry. Tune in to see what we’ve prepared for our listeners in this edition of Factor Analysis.

Factor Analysis
EP110: Spanning Then And Now

Dec 5, 2019 (15:02)


When was the last time that you slowed down to enjoy the beauty of nature? Civil engineer Brenna Fall is out to change our hurried mindset. In fact, her contribution to engineering includes an iconic landmark and favorite spot for hikers, bikers and nature lovers ... the High Trestle Trail Bridge. Learn about one of Iowa's favorite walkways and the history behind the bridge on this edition of Factor Analysis.

Playing with Research in Health and Physical Education
69: Structural Equation Modeling and Confirmatory Factor Analysis

Nov 26, 2019 (23:45)


Kevin Richards (@KARRichards14) comes on to discuss the statistics used in his co-authored paper (see cite below). This is a good real-world application and explanation of these two techniques. The podcast about the paper launches next week (Episode 70). Full Cite: Richards, K. A. R., Washburn, N., & Lee, Y. H. (2019). Understanding Emotional Labor in Relation to Physical Educators’ Perceived Organizational Support, Affective Commitment, and Job Satisfaction. Journal of Teaching in Physical Education, 1(aop), 1-11.

Factor Analysis
EP109: Global Collaboration on Food Security

Nov 22, 2019 (18:57)


“I used to read about Iowa. It is one of the greatest producers of corn in the world. I thought, ‘my gosh, maybe one day I’ll get to see that. One day, I’ll be America and I’ll get to see those corn rows.’" Listen to Ugandan Moses Kalyango's experience as an undergraduate student visiting Iowa State. Tom Brumm, Mary and Charles Sukup Global Professor in Food Security and associate director of the Center for Sustainable Rural Livelihoods, is Moses' faculty mentor and also a guest on this episode of Factor Analysis.

Sleep Junkies Podcast
Debunking the demons: sleep paralysis explained

Nov 18, 2019 (69:55)


Throughout human history, across different cultures, people have told tales about supernatural visitations during the night. We now know that these stories refer to a condition known as sleep paralysis, a hybrid sleep/wake state whereby our muscles are largely paralysed but our brain 'wakes up'. Today we speak to psychology professor Christopher French about this common, and often frightening sleep disorder - how its symptoms manifest, the fascinating cross-cultural background and some strategies to help manage and cope with sleep paralysis.

This Episode's Guest: Professor Christopher French is the Head of the Anomalistic Psychology Research Unit in the Psychology Department at Goldsmiths, University of London. He has published over 150 articles and chapters covering a wide range of topics. His main current area of research is the psychology of paranormal beliefs and anomalous experiences. He frequently appears on radio and television casting a sceptical eye over paranormal claims.
  • Goldsmiths: https://www.gold.ac.uk/psychology/staff/french/
  • ResearchGate: https://www.researchgate.net/profile/Christopher_French2
  • Twitter: https://twitter.com/chriscfrench

More Resources:
  • Article in the Guardian: http://www.guardian.co.uk/science/2009/oct/02/sleep-paralysis
  • Sleep Paralysis Project: https://sleepparalysisproject.wordpress.com
  • Cheyne et al Factor Analysis: https://www.sciencedirect.com/science/article/abs/pii/S105381009990404X
  • http://www.amazon.com/Sleep-Paralysis-Historical-Psychological-Perspectives/dp/0199313806/
  • http://www.amazon.com/Sleep-Paralysis-Night-mares-Connection-Anthropology/dp/0813548861
  • Article from Sleep Junkies: https://sleepjunkies.com/sleep-paralysis-demons-nightmares/
  • Episode Homepage: https://sleepjunkies.com/sleep-paralysis-explained/

Sleep Junkies Podcast
035: Sleep paralysis explained – Professor Chris French

Nov 18, 2019


Throughout human history, across different cultures, people have told tales about supernatural visitations during the night. We now know that these stories refer to a condition known as sleep paralysis, a hybrid sleep/wake state whereby our muscles are largely paralysed but our brain 'wakes up'. Today we speak to psychology professor Christopher French about this common, and often frightening sleep disorder - how its symptoms manifest, the fascinating cross-cultural background and some strategies to help manage and cope with sleep paralysis.

This Episode's Guest: Professor Christopher French is the Head of the Anomalistic Psychology Research Unit in the Psychology Department at Goldsmiths, University of London. He has published over 150 articles and chapters covering a wide range of topics. His main current area of research is the psychology of paranormal beliefs and anomalous experiences. He frequently appears on radio and television casting a sceptical eye over paranormal claims.
  • Goldsmiths: https://www.gold.ac.uk/psychology/staff/french/
  • ResearchGate: https://www.researchgate.net/profile/Christopher_French2
  • Twitter: https://twitter.com/chriscfrench

More Resources:
  • Article in the Guardian: http://www.guardian.co.uk/science/2009/oct/02/sleep-paralysis
  • Sleep Paralysis Project: https://sleepparalysisproject.wordpress.com
  • Cheyne et al Factor Analysis: https://www.sciencedirect.com/science/article/abs/pii/S105381009990404X
  • http://www.amazon.com/Sleep-Paralysis-Historical-Psychological-Perspectives/dp/0199313806/
  • http://www.amazon.com/Sleep-Paralysis-Night-mares-Connection-Anthropology/dp/0813548861
  • Article from Sleep Junkies: http://sleepjunkies.com/sleep-paralysis-demons-nightmares/
  • Episode Homepage: http://sleepjunkies.com/sleep-paralysis-explained/

CISO-Security Vendor Relationship Podcast
I'll See Your Gated Whitepaper and Raise You One Fake Email Address

Oct 22, 2019 (34:20)


All links and images for this episode can be found on CISO Series (https://cisoseries.com/ill-see-your-gated-whitepaper-and-raise-you-one-fake-email-address/)

We're all in with not wanting "follow up email marketing" on the latest episode of CISO/Security Vendor Relationship Podcast. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest this week is Ian Amit (@iiamit), CSO, Cimpress.

Thanks to this week's podcast sponsor, Trend Micro. Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. For more information, visit www.trendmicro.com.

On this week's episode:

Why is everyone talking about this now? To gate or not to gate. Mike posted on LinkedIn about how much he appreciated vendors who don't gate their content behind a registration wall. The post blew up on LinkedIn. The overwhelming response got some vendors willing to change their tune.

Hey, you're a CISO, what's your take on this? Kevin Kieda of RSA Security asks, "For an initial meeting what are the things you want the sales person to know about your business that many of them don't." Kevin says he gets frustrated that he gets the sense a prospect wants them to know what tools they're using even though he knows he often can't find out that information. What is the must know, nice to know, and boy I'm impressed you know that? Mike Johnson recommends BuiltWith.com for basic OSINT on a company site.

What's Worse?! Whose mistakes are worse? Your own or the vendor's?

The great CISO challenge: Factor Analysis of Information Risk (FAIR) is a risk framework (often laid on top of others) that simplifies the understanding of risk by identifying the blocks that contribute to risk and their relationship to each other and then quantifying that in terms of money. Ian, can you give me an example of how you actually do this?

Since its inception back in 2010, Zero Trust Architecture has been gaining traction. Much of the interest stems from the nature of work and data today – people working from anywhere on any device, and data racing around networks and to and from the cloud means there is no single fortress where everything can exist safely. Operating on a belief that everything inside the perimeter is safe because it’s inside the perimeter is no match to today’s hacking, penetration and inside sabotage. The establishment of new perimeter protections, including microtunnels and MFA is best applied to new cloud deployments but must still somehow be factored into a legacy architecture without becoming more inconvenient and vulnerable than what it is trying to replace. More on CISO Series. Check out lots more cloud security tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company’s data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM.

Why is this a bad pitch? What's the polite way to handle the way too generic vendor request? We offer two examples of non-specific pitches that are obviously just begging for a CISO's time. Is there a polite way to refute the request and let them know without talking down to them and letting them know that this isn't a tactic they should pursue?

Curiosity Daily
Big Five Personality Traits Are WEIRD, Why Mouth Wounds Heal So Quickly, and Snake Island

Aug 14, 2019 (8:37)


Learn about why the Big Five personality traits may not be reliable in developing countries; why Brazil's Ilha da Queimada Grande island is full of outrageously venomous snakes; and why wounds in your mouth heal so quickly. In this podcast, Cody Gough and Ashley Hamer discuss the following stories from Curiosity.com to help you get smarter and learn something new in just a few minutes: The Big Five Personality Traits May Not Be Reliable in Developing Countries — https://curiosity.im/2KgKNJm  Snake Island Is Teeming With Nothing But Outrageously Venomous Snakes — https://curiosity.im/2SvwQtq  Why Do Mouth Wounds Heal So Quickly? — https://curiosity.im/2SGgpuF  Download the FREE 5-star Curiosity app for Android and iOS at https://curiosity.im/podcast-app. And Amazon smart speaker users: you can listen to our podcast as part of your Amazon Alexa Flash Briefing — just click “enable” here: https://curiosity.im/podcast-flash-briefing. 

Compound Your Knowledge
Compound Your Knowledge: Betting Against Beta, The Conservative Formula, Benchmarks

Jun 23, 2019 (16:57)


Ryan Kirlin and Dr. Jack Vogel discuss three articles published on our blog this week. First, we examine a summary by Larry Swedroe that highlights the Betting Against Beta (BAB) factor and dives into two new papers examining when the BAB factor performs well. Second, we discuss a paper titled “The Conservative Formula: Quantitative Investing Made Easy” which uses three well-known factors, (1) low volatility, (2) price momentum, and (3) payout-yield to form a 100 stock portfolio. Last, we examine a paper titled “What's in Your Benchmark? A Factor Analysis of Major Market Indexes” authored by the BlackRock, Inc. team–they examine common market-capitalization weighted portfolios and break them down into their factor allocations using long-only and investable (1) Value, (2) Momentum, (3) Quality, (4) Size, and (5) Low Volatility portfolios. Links to the post are below for those interested in digging into the details! Video Links/Notes How Leverage Constraints Effect Mutual Fund Risk Taking (discussion of the BAB factor): https://alphaarchitect.com/2018/09/13/how-leverage-constraints-effect-mutual-fund-risk-taking/ The Conservative Formula: Quantitative Investing Made Easy https://alphaarchitect.com/2018/09/11/the-conservative-formula-quantitative-investing-made-easy/ What's In Your Benchmark? https://alphaarchitect.com/2018/09/10/whats-in-your-benchmark/

Public Problems
On Quantitative Methods (Psychometrics) in Public Service: Test Dimensionality and Factor Analysis

Feb 4, 2019 (42:22)


In the lecture, Justin Bullock discusses Chapter 4: Test Dimensionality and Factor Analysis from Michael Furr's Psychometrics: An Introduction

Bill Murphy's RedZone Podcast | World Class IT Security
#042: How To Apply Socratic Thinking to Build Defensible IT Security investments

Feb 17, 2016 (54:20)


Today I had an interesting conversation with Jack Jones. This is Jack’s second time on the show and I loved our discussion. It is a gem of learning and is packed with information that you can use right away. Jack was one of the first CISOs in the United States and he is the inventor of the FAIR model for analyzing Information Security Risk. Jack’s bio is extensive and here is a short list of his accomplishments.

Jack Jones has worked in technology for over 30 years, and information security and risk management for 25 years. He has over nine years of experience as a CISO with three different companies, including five years at a Fortune 100 financial services company. He received the ISSA Excellence in the Field of Security Practices award at the 2006 RSA Conference. In 2007, he was selected as a finalist for the Information Security Executive of the Year, Central United States, and in 2012 was honored with the CSO Compass award for leadership in risk management. Jones is also the author and creator of the Factor Analysis of Information Risk (FAIR) framework. Currently, Jones serves on the ISC2 Ethics Committee, and is the Executive Vice President, Research and Development of Risk Lens, Inc. Suffice it to say that Jack is a rock star in the Information Security and IT risk community!

6 Key Points:
  • Why top 10 lists for IT Security are useless
  • How to add probability and possibility of events happening into your risk models
  • How to present data that your board of directors will love
  • How to develop range into your communication
  • How to apply critical thinking, logic and Socratic methods to your analysis
  • How to apply rigor in developing a defensible argument

Sponsored By: This episode is sponsored by the CIO Security Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.

Time Stamped Show Notes:

FAIR is a framework of critical thinking and model or codification of risk and how risk works. Provides reference for thinking through complex risk problems, risk assumptions and enabling risk discussions [04:53]

Servicing assumption enabling debate like dialogue in this discussion [05:15]

Jack Jones one of the first CISOs. CISO late 1980s. How to present risk? Technique with FAIR possibility vs probability what is it? E.g. McAfee virus impacting company and disrupting operations. Genesis was a 2003 XP system that contractor required them to have on their network. Sophisticated tools. Blindsided for a few days - because an admin was using a personal machine for surfing, so how would somebody apply FAIR. Knew administrator issues. How do you apply FAIR analysis to this? [08:49]

In organization that knows it has control deficiencies. In doing risk analysis of landscape and threat landscape we face are the scenarios that could be painful. Develop straightforward taxonomy and availability high level. From confidentiality perspective what are assets would be exposed from and integrity perspective. [10:00]

Deeper level of granularity - step-by-step process develop Taxonomy of events that represents loss. Then analyze likelihood of loss [10:39]

If organization done that and they might have, when there is significant impact even if the likelihood is low - controls you want to be able to fast detection and recovery. If down for three days, then recovery rate not what is should be. Organization - in a rigorous fashion - lay out the risk landscape which on the surface they understand exist but don't know where it's relative to the other things in their landscape. Way they triage their world and identify set of conditions - work to be done and could have prioritized it more effectively [12:20]

Concept of probability vs possibility linked to Russian Roulette. Organizations fall into the trap of possibility and not probability considerations. If we Focus solely on events are conceivably possible and hugely painful - an asteroid strike would come up and what we would do for an asteroid strike. There has to be a probability element - you can't just solely focus on possibility. Possibility of bad events 100-percent but probability might be lower. Crucial in order to prioritize. [14:38]

If there was a risk with old systems because of the admin issue it would have and fitted access to work things out how would you reverse engineer that situation [15:09]

In that instance - high probability of encountering malware - the only question from a probability perspective is what are odds of encountering malware that their preventative measures aren’t going to handle. Most security professionals would say that that could happen with the regularity so probability is higher. From a threat perspective zero Day stuff happens with some regularity – and we would be able to come up with likelihood estimate. One of the factors that place into the likelihood is the administrative privilege exposure. What it does is it allows the malware to have greater control and broader Impact than otherwise [17:35]

Patching situation would be factors in the evaluation as well but they might have - fragile state wholly dependent on that malware situation due to administrative situation and patching situation. They just fragile to the single control element. Within FAIR there is probability and impact and also 2 states: 1) fragile depending on single control in an active threat landscape and the other is 2) unstable where an asset you want to protect that exists in a not very active landscape but you don't have any preventative or resistance control. databases - evaluating scenario rogue database administrators. Nothing to stop it. So when you identify unstable conditions you look at how you would resolve and detect a situation because you have no resistant option. [19:36]

In evaluating Probability and Impact and two qualifiers fragile and unstable [20:01]

How do you estimate likelihood of happening. All kinds of downsides to scales. Doesn’t allow you to effectively articulate best case, worst case, & most likely case - range of outcomes. From a probability perspective not a lot of work to look at industry data relevant to Technologies in this particular organization. Two ends of the spectrum. Do you see the trends what's more or fewer? Using the data set the minimum at 5 that are relevant to technology concerned about Maximum 15 or perhaps 15 or 20 – per year. Depending on quality of data - make the Range wider or narrower. Faithfully representing your range of uncertainty is critical. Put a discrete number. I don't want number I want a range. Two dimensions. The width of the range. And the most likely value how flat or sharply peaked to B. PERT distribution. Expressing range of uncertainty. [24:09]

Interesting in profession when you try to quantify something precision takes a distant second to accuracy. When I give you a range that incorporates the actual outcomes in my Range – then my range is accurate and you increase probability of accuracy with wider ranges – but diminished returns [26:25]

The useful degree of precision with a confidence level you can stand behind – Process of Calibration, How to Measure Anything - Douglas Hubbard a book that covers this beautifully [26:44]

Utility for decision-making vs estimating concept, in expression ranges - when presenting risk to use decision makers trying to influence decision to make buying decisions. Calibration piece helps the decision maker make this decision [28:59]

Blog series written about this - look at ordinal scales organizations rely on. HIGH MEDIUM LOW. They will identify top ten risks they are identified 10 things in the landscape that they would place into a high risk bucket. Top 3 - how do you differentiate in that bucket when choosing why things don't go into the bucket people. Can't identify why things don't go into that bucket they don't think things through with sufficient [30:25]

Not very effective if you use quantitative measures quantitative measures allows you to distribute one above another I would focus on the thing that I have less certainty on. The lack of certainty is risk factor that needs to be dealt with [31:50]

Telescopic piece and level of sophistication is not sufficiently advanced to explain to business decision maker to explain why they can't spend money in that area so will spend money in this area. How can someone reconcile real security and audit findings – which are at odds [33:46]

Key component is applying real rigor to developing scenarios when encryption at rest is relevant. Encrypt your hard drive - very useful. But a lot of scenarios where the data can be compromised and encryption increases risk. Define set of scenarios where data is at risk in that subset where is encryption adds value and where not. Then evaluating impact. Then have means for comparing solutions. [36:35]

Playing at the scenarios is sufficient for people to realize which options are better. [37:05]

Set of control opportunities that cost a fraction and show through analysis how it reduces risk more than encryption. [37:38]

Some IT professionals feels that (engagement) implies combat. They feel they are protecting an organization so we are asking a government entity auditor but what about educating people to prevent risk. [38:55]

People are hesitant to go toe-to-toe against a regulator auditor –operating from intuition. They haven't applied rigorous approach to developing argument - sometimes intuition is wrong and then you realize there right. That's ok. But very often intuition is right. Need framework (like FAIR) for critical thinking through complex problems and developing argument and rationale and surface assumptions making estimates - put before the auditors, if you go through the process to the authoritative figure have you has not applied any rigor to it [40:35]

Critical thinking, the Socratic method, logical way of thinking. Interesting to back-up intuition with a rigorous approach to have a defensible argument [41:21]

Save looking at problems and potential Solutions and more rigorous critical-thinking-like fashion is hugely valuable. Just having the framework for discussing and debating things – hugely valuable. [42:27]

Another component is normalizing terminology. [43:02]

FAIR model - really valuable. Every organization’s risk summary includes top 10 risks and that includes cybercriminals, social engineering, change management, mobile media and cloud computing. And if you look at those - cybercriminal threat community and cloud computing – technology, change management is a control element. It's like comparing apples and oranges. Those are not loss scenarios. FAIR Institute Blog that discusses this. How organizations are identifying and managing top 10 risks and it's a huge problem. We cannot expect to mature if we can't get a fundamental nomenclature correct [45:53]

What are the easy steps that someone can transform the top 10 list lost scenarios change the top 10 list? [46:21]

Create 2 lists of the top loss scenarios - taxonomy is a list of outcomes. Taxonomy is a categorization. Categorize loss events to a level of abstraction that’s balanced. Balance to be struck. easy to recognize with that balance lies as you go through the process. Qualitatively or quantitatively then do a probability & impact around those and that will tell you which off top 5 or 10. [48:02]

Other list - control deficiencies. Risk assessment is controlled assessment. How to prioritize what contributes most of this risk. That identifies top control positions. Can't mix together. Simple way - get handle on risk landscape and determine focus. Look at list of top 10 deficiencies - map them to which scenarios highly relevant less likely relevant - these three or four need to be hitting these hard. We can say over time this will reduce or change this list scenario. [49:24]

Recognizing you have to have two lists - top 10 less list is worse than useless you can't compare because it's misinformation in the worst way [49:47]

Recommend Measuring and Managing Information Risk: A FAIR Approach co-authored with Dr. Jack Freund. FAIR Institute where to get education at the ecosystem of people in organization to Leverage framework. Universities taking part. Institute, free copy of book but different membership levels soft launch in December formal launch in February [52:10]

The org (owns IP for Unix) has resources for FAIR and certification for practitioners. Risk Lens blog resources case studies and the book [52:22]

Risk lens does fair Consulting and Open Group is organization but only intellectual property and they adopted her Institute have found her [53:06]

How to get in touch with Jack:
  • Twitter
  • LinkedIn
  • Risk Lens Profile
  • RSA Conference Profile
  • InfoSec 2016 Conference Profile

Key Resources:
  • Bill’s first interview with Jack
  • Measuring and Managing Information Risk: A FAIR Approach co-authored with Dr. Jack Freund
  • FAIR Institute
  • How to Measure Anything - Douglas Hubbard
  • Risk Lens
  • Opengroup.org
  • FAIR Institute Blog
  • Jack Freund LI profile

Credits: Outro music provided by Ben’s Sound

Movement Disorders Journal Podcasts 2012-2015
Factor Analysis of the Hospital Anxiety and Depression Scale Among a Huntington’s Disease Population

Dec 21, 2015 (2:04)


Bill Murphy's RedZone Podcast | World Class IT Security
Innovation & Risk – How to remove emotion and superficial thinking from Cyber Security decision making | Episode #15

May 20, 2015 (48:57)


Widely considered a thought leader in risk management and information security, Jack Jones has been employed in technology for the past thirty years, specializing in information security and risk management for twenty-four of those years. During this time he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award and the 2012 CSO Compass Award for Leadership in Risk Management. Jack is the originator of the now industry-standard risk management framework known as Factor Analysis of Information Risk (FAIR). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also recently co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach".

Volkswirtschaft - Open Access LMU - Teil 02/03
A factor analysis approach to measuring European loan and bond market integration

Nov 1, 2009


By using an existing and a new convergence measure, this paper assesses whether bank loan and bond interest rates are converging for the non-financial corporate sector across the euro area. Whilst we find evidence for complete bond market integration, the market for bank loans remains segmented, albeit to various degrees depending on the type and size of the loan. Factor analysis reveals that rates on large loans and small loans with long rate fixation periods have weakly converged in the sense that, up to a fixed effect, their evolution is driven by common factors only. In contrast, the price evolution of small loans with short rate fixation periods is still affected by country-specific dynamic factors. There are few signs that bank loan rates are becoming more uniform with time.

CERIAS Security Seminar Podcast
Jack Jones, Shifting focus: Aligning security with risk management

Apr 9, 2008 (60:45)


With few exceptions, executive management doesn't care about security. They care about risk. In this session, Jack will discuss the differences and share his experiences in taking the information security program at a Fortune 100 financial services company from a security focus to one of risk management. This presentation will cover why the change took place, how it took place (what worked and what didn't), and the practical benefits that resulted. About the speaker: Jack Jones has been employed in technology for the past twenty-five years, and has specialized in information security and risk management for eighteen years. During this time, he's worked in the military, government intelligence, consulting, as well as the financial and insurance industries. Jack spent over five years as CISO for a Fortune 100 financial services company where his work was recognized at the 2006 RSA Conference with ISSA's Excellence in the Field of Security Practices award. In 2007 he was selected as a finalist for the Information Security Executive of the Year, Central United States. As a member of an international ISACA task force, Jack is helping to develop global standards for IT risk management in the enterprise. He also regularly speaks at national conferences and has developed and published an innovative risk analysis framework known as Factor Analysis of Information Risk (FAIR).