Attention: the FAIR model we know and love has a fresh new look!
Originally created by Jack Jones, the FAIR model provides a standard taxonomy and ontology for information and operational risk. This refreshed resource is conveniently paired with key definitions; a list of various forms of loss to account for in your risk modeling; key steps to analysis scoping; and tips for calibration.
What is FAIR?
If you’re new to the Institute, you may be wondering what this term means. FAIR, short for “Factor Analysis of Information Risk,” is the only international standard quantitative model for information security and operational risk. Benefits to following the FAIR model, include:
- Speaking in one, common language concerning your organization's risk
- Ability to consistently study and apply risk to any object or asset
- A strong understanding of how time and money will impact your security profile
- And more! Visit our FAIR FAQs page for more insight into the value of FAIR reasoning.
Why would my organization want to use FAIR?
Each and every organization or enterprise is inherently at risk on a number of levels. FAIR is a methodology used to quantify and manage these varying levels of risk. As the only international standard quantitative model for information security and operational risk, FAIR is the industry’s trusted risk quantification model for companies that seek to:
- Identify their levels of risk in financial terms. FAIR is unlike conventional risk assessments that focus on output in qualitative terms on color charts or numerical weighted scales.
- Build a strong foundation for developing a scientific approach to information risk management vs. the usual ineffective “plug and play” methods too often used today.
- Communicate more effectively about their levels of risk and how to mitigate surprises. Knowing your levels of risk is the first step to budgeting appropriately for them.
- Make the most effective use of their time in the boardroom. FAIR followers are able to challenge and defend risk decisions using an advanced risk model by speaking in the Board’s language of dollars and cents.
Interested in learning more about FAIR?
Many FAIR devotees agree they became enlightened after reading Jack’s book, “Measuring and Managing Information Risk: A FAIR Approach.” Click here to learn more about what this book offers and how you can order a copy of your own.
The FAIR Institute also provides rigorous FAIR training – both on-site and online – led by our technical advisors at RiskLens. Click here to learn how you can sign up, as an individual student or with a group of your colleagues!