FAIR Institute Blog

Insurance data may not be useful for many CISO decisions as it doesn’t account for probabilities specific to the organization.

Stop spending millions on cybersecurity and hoping that cyber threats will go away – move to a quantitative, risk-based strategy.

Risk, Threat and Vulnerability take on a deeper meaning when used for quantitative cyber risk analysis.

How to triage threats with DREAD qualitative analysis, to feed into FAIR quantitative risk analysis.

Where does inherent risk end and residual risk begin? Does inherent even exist? We explain, with some guidance on applying FAIR cyber risk quantitative analysis to define, manage and mitigate inherent risk and residual risk.

Jack Jones explainins two risk management concepts often confused in risk analysis.

Concepts that can be shared within an organization as a common point of reference for quantitative risk analysis and risk-based decision-making.

As the interest in Cyber Risk Quantification has begun to explode in the marketplace, vendors have responded to the call.

Why this open standard has become the most most widely used approach to quantitative risk analysis in cybersecurity.

Proprietary risk models can't compete with the open standard for cyber risk quantification.