FAIR Institute Blog

How to Use DREAD Analysis with FAIR

[fa icon="calendar'] Feb 21, 2023 5:54:00 PM / by Taylor Maze posted in FAIR

[fa icon="comment"] 0 Comments

Let’s talk DREAD (threat modeling, not the overwhelming feeling of despair associated with your reoccurring 4:30 p.m. Friday meeting). So, what is the DREAD threat model?

Read More [fa icon="long-arrow-right"]

Inherent Risk vs. Residual Risk Explained in 90 Seconds

[fa icon="calendar'] Feb 15, 2023 5:09:00 PM / by Rachel Slabotsky posted in FAIR

[fa icon="comment"] 18 Comments

I recently had a conversation with clients around a risk analysis they conducted and noticed as they walked me through it that they seemed to get hung up on the terms “inherent risk” and “residual risk” and the inherent risk definition for that particular scenario.

Read More [fa icon="long-arrow-right"]

'Risk Appetite' vs. 'Risk Tolerance'. What’s the Difference?

[fa icon="calendar'] Feb 7, 2023 4:49:00 PM / by FAIR Institute Staff posted in FAIR, Risk Management

[fa icon="comment"] 6 Comments

The terms “risk appetite” and its close cousin “risk tolerance” are often poorly understood, very rarely used to good effect, and commonly used interchangeably.

Read More [fa icon="long-arrow-right"]

3 Key Concepts in FAIR

[fa icon="calendar'] Aug 8, 2022 8:30:00 AM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

Factor Analysis of Information Risk (FAIR™) is referred to as the standard model for cyber risk quantification – and it is indeed that highly useful tool for analyzing risk in non-technical, business terms. But it’s also a set of key concepts that enable critical thinking

Read More [fa icon="long-arrow-right"]

Attacking FAIR - A Reply by Jack Jones

[fa icon="calendar'] Jul 27, 2022 5:42:49 PM / by Jack Jones posted in FAIR, Jack Jones

[fa icon="comment"] 1 Comment

It was bound to happen.  For years, Factor Analysis of Information Risk (FAIR™) was, for all intents and purposes, the only Cyber Risk Quantification (CRQ) model out there.

Read More [fa icon="long-arrow-right"]

10 Reasons Why FAIR Is the Standard for Cyber Risk Quantification (Infographic)

[fa icon="calendar'] Jul 19, 2022 2:21:15 PM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

"Cyber risk quantification” – it’s a term loosely applied to putting any kind of number on risk in cybersecurity. But there is a highly developed standard for quantitative analysis of cyber risk in the financial terms that support well-informed decision-making: Factor Analysis of Information Risk (FAIR™)

Read More [fa icon="long-arrow-right"]

Jack Jones Rebuts ‘FAIR Fatigue’, an Article Filled with Misrepresentations of Factor Analysis of Information Risk (FAIR), the Standard for Risk Quantification

[fa icon="calendar'] Jul 11, 2022 3:50:04 PM / by Jack Jones posted in FAIR

[fa icon="comment"] 1 Comment

It’s not often that I’m surprised by someone’s actions on the Internet, but I’ll admit to being surprised today.

Read More [fa icon="long-arrow-right"]

10 Reasons Why FAIR Is Winning

[fa icon="calendar'] May 17, 2022 3:57:43 PM / by Nicola (Nick) Sanna posted in FAIR

[fa icon="comment"] 0 Comments

Why did FAIR™ (Factor Analysis of Information Risk) emerge as the de facto number-one standard model for cyber, technology and operational risk analysis? No other risk model supports defensible quantitative analysis in the financial terms

Read More [fa icon="long-arrow-right"]

FAIR vs. Proprietary Cyber Risk Analysis Models: What’s the Difference? Jack Jones Explains

[fa icon="calendar'] Mar 9, 2022 10:38:13 AM / by Jeff B. Copeland posted in FAIR

[fa icon="comment"] 0 Comments

A recent report by an industry research firm stated that, for quantitative cyber risk management, CISOs had to choose among Factor Analysis of Information Risk (FAIR™), proprietary models for risk analysis or a combination of the two.

Read More [fa icon="long-arrow-right"]

4 Ways FAIR Cyber Risk Analysis Saves Money

[fa icon="calendar'] Mar 2, 2022 5:13:31 PM / by Jeff B. Copeland posted in FAIR, Risk Management

[fa icon="comment"] 0 Comments

By quantifying cyber risk in financial terms, Factor Analysis of Information Risk (FAIR™) brings a bottom-line focus to budgeting and spending decisions

Read More [fa icon="long-arrow-right"]
LEARN MORE
Content not found

Subscribe to Email Updates

417NjDVYgtL._SX404_BO1204203200_.jpg
Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts