FAIR Institute Blog

Factor Analysis of Information Risk (FAIR™) defines “risk” in a way that’s both simple and useful.  

Risk = the probable frequency and probable magnitude of future loss

FAIR Evangelists - Here's a short handy, persuasive explainer about the FAIR™ standard for cyber risk quantification that you can download in pdf form, suitable as a leave-behind after meeting with a small group or for circulating throughout your organization. 

The Australian Prudential Regulation Authority (APRA), the licensing authority for banks, employer-sponsored retirement (“superannuation”) funds, financial services and insurance companies, is placing responsibility for cybersecurity squarely on board members

It’s a risk analyst’s nightmare: An extremely low-frequency event with extremely high magnitude impact. That’s what the state of Texas has been living through

Are your risk analyses suffering from scope creep, uncooperative SMEs, unbelievable results? Or are you just looking to make your well-oiled quantitative risk analysis process run even more smoothly?

Únase a nosotros para la presentación del seminario web de casos de uso, organizada por el Instituto FAIR en español, para aprender sobre el uso de FAIR para la implementación de un nuevo sistema de TI en Ascena Retail Group

As a FAIR consultant, I have seen many organizations go through the transformation from qualitative to quantitative risk management.

Critical Thinking – it’s always promoted as a core skill needed for any Factor Analysis of Information Risk (FAIR™) practitioner. Rightly so.

Implementing the FAIR standard requires more effort than procuring a tool, such as slamming a shiny new firewall into an organization’s environment. FAIR requires a culture change.

You’re all fired up about Factor Analysis of Information Risk (FAIR™) and eager to bring the transformative power of cyber risk quantification to your organization—but for now, you’re a voice crying in the wilderness of red-yellow-green heat maps