Here we examine three important FAIR™ terms that can confuse those learning FAIR. We also provide reference links to a recently revised set of formal Open Group FAIR standards documents.
The Open Group Security Forum, the experts who maintain Factor Analysis of Information Risk (FAIR™) as the international standard for cyber risk quantification, recently updated the Open FAIR Body of Knowledge to clarify some risk terminology, including this statement:
How do you define key terms such as “inherent risk”, “quantitative risk analysis”, “risk appetite” or “vulnerability”? Do your colleagues define them the same way?