Why did FAIR™ (Factor Analysis of Information Risk) emerge as the de facto number-one standard model for cyber, technology and operational risk analysis? No other risk model supports defensible quantitative analysis in the financial terms
A recent report by an industry research firm stated that, for quantitative cyber risk management, CISOs had to choose among Factor Analysis of Information Risk (FAIR™), proprietary models for risk analysis or a combination of the two.
By quantifying cyber risk in financial terms, Factor Analysis of Information Risk (FAIR™) brings a bottom-line focus to budgeting and spending decisions
Risk managers are always seeking to address the cybersecurity and technology risks that matter most to their organizations. But you can’t analyze and prioritize what you don’t identify.
You can’t get a more authoritative introduction to Factor Analysis of Information Risk than this webinar for ISACA by Jack Jones, creator of FAIR™ and Chairman of the FAIR Institute, and his co-author on the FAIR book, Jack Freund
In a new book, Noise: A Flaw in Human Judgment, Daniel Kahneman and co-authors study professional judgments made in hiring, sentencing, insurance underwriting, medical diagnosis and many more fields
We often talk about the “FAIR™ journey” up from qualitative, compliance-oriented, or other less disciplined forms of cyber risk management to Factor Analysis of Information Risk.
Jack Whitsitt has been a FAIR practitioner since 2016, built the quantitative risk analysis program at Bank of America and is now doing the same at Datto (the services provider to MSPs)
Factor Analysis of Information Risk (FAIR™) defines “risk” in a way that’s both simple and useful.
Risk = the probable frequency and probable magnitude of future loss
FAIR Evangelists - Here's a short handy, persuasive explainer about the FAIR™ standard for cyber risk quantification that you can download in pdf form, suitable as a leave-behind after meeting with a small group or for circulating throughout your organization.