FAIR is a standard quantitative model for information and operational risk that helps information risk, cybersecurity and business executives measure, manage and communicate on information risk in a language that business understands, dollars and cents. To ramp up quickly, take advantage of the following resources.
FAIR empowers risk officers to transform their organizations and to move from a compliance-based to a risk-based approach to information security and operational risk. This is where it all begins: our mission.
The Open Group, an international consortium and standards body, has selected FAIR as the international standard information risk management model, following a most rigorous evaluation and comparison with other risk methodologies.
The FAIR model defines the necessary building blocks for quantifying information risk and implementing effective information risk management programs. After all, "You cannot manage what you don't measure."
FAIR decomposes risk in discrete factors to allow for the quantification of information and operational risk, as a true Value-at-Risk model. The model includes a standard nomenclature and an ontology that can be the foundation of any risk management program.
The FAIR book, "Measuring and Managing Information Risk: a FAIR Approach," is the ultimate guide and resource for information risk professionals who want to learn everything there is to know about FAIR and to implement a data-driven, business-aligned risk management program.
If you are still uncertain about what FAIR is and if it is right for your organization, the FAIR FAQ page provides crisp answers to frequently asked questions.
Learn from the experts and help your organization adopt FAIR and implement a data-driven, business-aligned risk management program. Get your career to the next level by getting trained and certified by an accredited FAIR Training organization.
One of the valuable benefits of being a member of the FAIR Institute is access to its community of experts in the industry. Collaborate and tap into a wealth of information risk knowledge.
The FAIR Institute Blog is probably the best resource to stay up-to-date on the latest developments within the FAIR community and to continue learn about the FAIR model and its application to information security as well as operational risks.