FAIR Institute Blog

Think You Know Basic Risk Concepts? Take a FAIR Challenge

[fa icon="calendar"] Jun 30, 2017 10:17:29 AM / by Jeff B. Copeland

think-you-know-basic-concepts-risk-take-fair-challenge.jpgInherent risk, likelihood, vulnerability: concepts in everyday use in risk analysis that you think you have down pat. Read these three blog posts, and, if you're new to FAIR, we guarantee to make your assumptions topple. If you’re already a FAIR practitioner, you'll learn how to plug these foundational concepts into the FAIR model to solve whatever scenarios come your way.   

Using the FAIR Model to Measure Inherent Risk

Inherent risk, the level of risk absent any controls, is a widely used starting point for risk analysis – and wrongly used, says Jack Jones in this post. Jack explains (with Hannibal Lecter as an example) why the common understanding of inherent risk makes a shaky starting point for analysis. Yet Jack is a fan of the concept, and he shows how the FAIR model can bring it into sharper focus. For more details and examples, see this blog post by Evan Wheeler on applying FAIR to inherent risk. 

How to Think About Likelihood, Probability and Frequency

What's the purpose of a risk assessment? To inform decision makers of "the likelihood that harm will occur”, says the National Institute of Standards NIST SP 800-30, and a shelf of other risk standards and foundational texts on risk, which then proceed to wander off into the woods in search of a definition of “likelihood.” In this post, Steve Poppe cuts through to the ground truth that “likelihood is a probability and a probability is a number” applicable to FAIR analyses.  

What Is Vulnerability?

“Our profession has done a great job confusing ourselves” about vulnerability, Steve Poppe writes, and in information security, the definition is especially fuzzy.  Steve translates vulnerability with the FAIR model into a simple, elegant concept that’s useable to calculate a probability.

Related:

[VIDEO] New to FAIR? Start with this High-Level Introduction by Jack Jones

Topics: FAIR

Jeff B. Copeland

Written by Jeff B. Copeland

Jeff is the Content Marketing Manager for RiskLens.

More

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts