FAIR Institute Blog

Factor Analysis of Information Risk (FAIR™) is referred to as the standard model for cyber risk quantification – and it is indeed that highly useful tool for analyzing risk in non-technical, business terms. But it’s also a set of key concepts that enable critical thinking

"Cyber risk quantification” – it’s a term loosely applied to putting any kind of number on risk in cybersecurity. But there is a highly developed standard for quantitative analysis of cyber risk in the financial terms that support well-informed decision-making: Factor Analysis of Information Risk (FAIR™). 

It’s not often that I’m surprised by someone’s actions on the Internet, but I’ll admit to being surprised today.

Why did FAIR™ (Factor Analysis of Information Risk) emerge as the de facto number-one standard model for cyber, technology and operational risk analysis? No other risk model supports defensible quantitative analysis in the financial terms

A recent report by an industry research firm stated that, for quantitative cyber risk management, CISOs had to choose among Factor Analysis of Information Risk (FAIR™), proprietary models for risk analysis or a combination of the two.

By quantifying cyber risk in financial terms, Factor Analysis of Information Risk (FAIR™) brings a bottom-line focus to budgeting and spending decisions

Risk managers are always seeking to address the cybersecurity and technology risks that matter most to their organizations. But you can’t analyze and prioritize what you don’t identify.

You can’t get a more authoritative introduction to Factor Analysis of Information Risk than this webinar for ISACA by Jack Jones, creator of FAIR™ and Chairman of the FAIR Institute, and his co-author on the FAIR book, Jack Freund

In a new book, Noise: A Flaw in Human Judgment, Daniel Kahneman and co-authors study professional judgments made in hiring, sentencing, insurance underwriting, medical diagnosis and many more fields