Microsoft Learn, the software giant’s educational site for developers, architects and IT administrators, now highlights FAIR™ (Factor Analysis of Information Risk) in its tutorials on cloud security.
“FAIR sets the fair market value for cybersecurity risk,” the module on cloud security responsibilities says.
FAIR’s special benefit for cloud risk management: “It takes account of the multiple factors that jointly comprise privacy and calculates how adjustments to roles and responsibilities for these factors may have a direct impact upon customer privacy.”
The module sets a context for risk management that will be familiar to FAIR practitioners. It cites the (ISC)² definition of risk management as focused on “applicable risks to asset confidentiality, integrity and availability.”
“It is not, as some have interpreted it in the context of information systems, a life support system, or a mechanism for preserving these systems in the face of threats,” the cloud security module says. “Rather, it is the opposite.
“Risk management mandates that systems be adaptable and modifiable to a reasonable extent. That's what the ‘applicable’ part means here - it's a measure of fairness.”
Praise for the FAIR Institute
“One international IT industry organization that has endeavored to maintain a standard of fairness for quantifying risk is the FAIR Institute,” advancing FAIR, “whose goal is to quantitatively ascertain the amount of loss an organization is prepared to sustain if the security of an information asset is compromised.”
The complicated web of shared responsibility between a cloud vendor and its customer on privacy issues “is one more justification for the FAIR risk-management model,” the Microsoft training site says.
More recent recognition for FAIR from an influential organization… The SANS Institute is just out with its latest Security Leadership poster, titled the “CISO Mind Map” – and in the “Risk Management” section, the poster has FAIR in the #1 position among “risk frameworks.” SANS offers FAIR training in partnership with the RiskLens Academy.