Factor Analysis of Information Risk (FAIR™) is referred to as the standard model for cyber risk quantification – and it is indeed that highly useful tool for analyzing risk in non-technical, business terms. But it’s also a set of key concepts that enable critical thinking
Imagine that you’re looking for an encryption solution. There are many providers on the market, all of whom use one of the well-vetted public encryption standards. But let’s imagine there’s a new player in the market — one that claims to have a vastly improved, but proprietary, solution.
It was bound to happen. For years, Factor Analysis of Information Risk (FAIR™) was, for all intents and purposes, the only Cyber Risk Quantification (CRQ) model out there.
Douglas Hubbard, the risk analysis thought leader, author of How to Measure Anything: Finding the Value of Intangibles in Business, and major influence on the FAIR™ movement, leads a one-day seminar
"Cyber risk quantification” – it’s a term loosely applied to putting any kind of number on risk in cybersecurity. But there is a highly developed standard for quantitative analysis of cyber risk in the financial terms that support well-informed decision-making: Factor Analysis of Information Risk (FAIR™).
The 2022 FAIR Conference (FAIRCON22), the premiere global conference for quantitative risk management, will be held on September 27 & 28 (Tues. and Wed.) at the Mandarin Oriental Hotel in Washington, D.C.
Just starting with the fundamentals of Factor Analysis of Information Risk (FAIR™) or looking to accelerate an established FAIR quantitative risk management program into hyperdrive, you’ll find a training course to meet your objectives
It’s not often that I’m surprised by someone’s actions on the Internet, but I’ll admit to being surprised today.
FAIR Institute leaders and members like to practice critical thinking and questioning conventional wisdom, and those skill sets can generate a steady supply of fresh insights
When one hears about challenges in cyber risk quantifications, many topics such as reporting, data sourcing, budget, etc. may come to mind, but one of the most challenging aspects is scenario scoping