FAIR Institute Launches Research Initiative to Extend the FAIR Standard to AI, Third-Party Risk, Materiality Analytics

In response to requests from our membership, the FAIR Institute’s FAIR Standards Workgroups kicked off an ambitious initiative to extend the FAIR™ standard out to the new frontiers of risk measurement and management. 

FAIR (Factor Analysis of Information Risk) developed by Jack Jones and popularized in his 2014 book Measuring and Managing Information Risk, has become the standard for quantifying information and operational risk, recommended as a resource by the National Institute of Technology and Standards Cybersecurity Framework (NIST CSF) and many other authorities. 

In 2021, Jack introduced the FAIR Controls Analytics Model (FAIR-CAM™) a standard that describes the complex ways that controls operate individually or in a system to affect frequency and magnitude of loss. The Institute will soon announce that FAIR-CAM has been mapped to the controls in the NIST CSF, and the Standards Workgroups will continue development in 2024. Learn more in this blog post:

Mapping FAIR-CAM to Cybersecurity Frameworks: ‘Compliance Is Going to Radically Change

Note: The FAIR Institute seeks suggestions from our members for research projects. Please contact our research director Pankaj Goyal.


More FAIR Standard Extensions in Development for More Accurate Risk Analysis

>>FAIR Materiality Assessment Model (FAIR-MAM™)

The 2023 rule on cyber risk disclosure from the Securities and Exchange Commission exposed the problem that many companies are not equipped to assess and disclose material risks from cybersecurity incidents in a timely, accurate way. FAIR-MAM™ expands the loss magnitude factors of the FAIR™ model and provides a more detailed taxonomy and breakdown of the loss categories driven by cybersecurity incidents. One of the Standards Workgroups will be developing and publishing more use cases for FAIR-MAM. Learn more: 

Introducing FAIR-MAM™ - A Comprehensive Approach to Loss Modeling in FAIR™ (Video)

Free FAIR Inst membership required to view. Join now!

How Material Is that Hack? – Assessment Tool from the FAIR Institute

>>The FAIR AIR Approach for Generative AI Risk (FAIR AIR™)

The hot topic going into 2024 (and beyond): Quantifying risk associated with artificial intelligence deployment for both offensive and defensive use. A Standards Workgroup is just getting rolling on AI, but for a preview of applying FAIR to AI, watch the video of this session at the 2023 FAIR Conference from two of our most experienced FAIR analysts: 

The Good News on AI Risk – We Can Analyze It with FAIR (FAIRCON23)

Free FAIR Inst membership required to view. Join now!

>>FAIR Third-Party Assessment Model (FAIR-TAM)

Call it third-party, vendor or supply chain risk exposure, it’s been a difficult problem to crack for FAIR analysts, with all the uncertainties of collecting information from the outside in. A Standards Workgroup will tackle it starting in 2024, starting with this high-level look at the problem space:

FAIRCON23 - Third Party Risk Matrix

Learn more in this session from the 2023 FAIR Conference:

How to Re-think Third-Party Risk with FAIR-TAM™

Free FAIR Inst membership required to view. Join now!

About the FAIR Institute Standards Committee and Workgroups

The Standards Committee maintains and governs the FAIR Taxonomy and Analytics Model as well as the standard extensions and other deliverables created by the Standards Workgroups. The members of those bodies are a distinguished group of FAIR practitioners at Meta, Google, Cisco and other CRQ champions and led by FAIR Institute Chairman Jack Jones and Standards and Research Director Pankaj Goyal.

Learn more about the FAIR Institute’s research programs.

Standards Committee Members

Jack Jones, Chairman, FAIR Institute

Pankaj Goyal, Director, Standards & Research, Fair Institute

Denny Wan, Sydney Chapter Chair, FAIR Institute

Mike Radigan, Cyber Risk Advisor, Cisco

Michael Coden, Senior Advisor, BCG

Workgroup Members


Brandon Sloane, Information Security Risk Management Lead, Meta

Omar Khawaja, VP Security, Field CISO, Databricks

Dr. Keyun Ruan, Risk Economics & Strategy, Google Cloud CISO, Alphabet

Jack Jones, Chairman, FAIR Institute

Pankaj Goyal, Director, Standards & Research, FAIR Institute

Supply Chain Risk

Mike Wilson, CISO, Molina Healthcare

Marek Jakubczak, Supplier Cyber Security Risk & Assurance Director, GSK

Denny Wan, Sydney Chapter Chair, FAIR Institute

Erica Eager, Sr. Director, Risk Quantification, Safe Security

Pankaj Goyal, Director, Standards & Research, FAIR Institute

Materiality Analytics 

(Members to be determined)





Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37