An Enterprise Scalable Risk Model

FAIR's risk model components are specifically designed to support risk quantification:

  • A standard taxonomy and ontology for information and operational risk.
  • A framework for establishing data collection criteria. 
  • Measurement scales for risk factors.
  • A modeling construct for analyzing complex risk scenarios.
  • Integration into computational engines such as RiskLens for calculating risk.


Complementary to Existing Risk Frameworks

FAIR's risk analysis capabilities complement existing risk management frameworks.

  • Risk frameworks from organizations such as NIST, ISO, CERT, ISACA, etc. are useful for defining and assessing risk management programs.
  • They all prescribe the need to quantify risk, but for the most part they leave it up to practitioners to figure out how.
  • Some are silent on how to compute risk, while others openly allow third-party methods.
  • Frameworks such as NIST 800-30 attempt to measure risk, but fall short as they rely on qualitative scales and flawed definitions.
  • FAIR helps fill that gap by providing a proven and standard risk quantification methodology that can be leveraged on top of those frameworks.
