Factor Analysis of Information Risk (FAIR)

A Methodology for Quantifying and Managing Cyber and Operational Risk in Any Organization

Factor Analysis of Information Risk (FAIRTM) was conceived as a way to provide meaningful measurements so that it could satisfy management's desire to make effective comparisons and well-informed decisions. The FAIRTM quantitative risk analysis model has become the only international standard Value at Risk (VaR) model for cybersecurity and operational risk.

  • FAIRTM provides a model for understanding, analyzing and quantifying information risk in financial terms.
  • It is unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales.
  • It builds a foundation for developing a robust approach to information risk management.

417NjDVYgtL._SX404_BO1204203200_.jpgFAIR's risk model components are specifically designed to support risk quantification:

  • Assess cyber risk financially: Understand your cyber risk from the business perspective and communicate with the Board and Executive teams in a language that everybody understands
  • Prioritize remediation efforts: Prioritize risk mitigation initiatives based on their capacity to reduce business risk. Optimize your cybersecurity budgets.
  • Justify security investments and demonstrate ROI: Drive security investments by demonstrating their impact against risk. Demonstrate program effectiveness by tracking changes to risk overtime.
  • Meet growing regulatory pressures: Respond to the growing drum beat of regulators demanding that cyber risk assessments be articulated in financial terms.


Learn more about Building a Risk Management Program with FAIR


Diverse & Established Member Base

30% of Fortune 1000 Companies are Represented at the FAIR Institute

FAIR Institute members include information risk, operational risk, cybersecurity and business executives from a large variety of organizations across multiple industries, including: banking, consulting, energy, government, healthcare, insurance, learning, logistics, manufacturing, retail, technology, travel, transportation and many other types of business services. See the full member organization list here.

  • Institute members come from 87 different countries
  • 20% of the member base is comprised of senior leadership of security and risk, including CISOs, Vice Presidents, Heads of Security, and C-Suite
  • Executives from the largest companies in the world
  • Nearly 30% of Fortune 1000 companies are represented in Institute Membership
  • 8 of the Fortune 10 organizations have members in the Institute
  • 75% of the Fortune 50 are member organizations of the FAIR Institute

Enabling Risk Management Programs that Actually Work

Pen-Testing your Board Pitch


Become a Member Today

Join the growing community of leading thinkers in cybersecurity and risk

Members of the FAIR Institute take advantage of many benefits. The greatest benefit is access to the exclusive community of information risk officers, cyber security leaders and business executives who share their experience and knowledge on the growing discipline of information risk management.

Members also receive:

  • Full access to our ever-growing Resource Library and content generated by the Institute,
  • Discounts on events and the annual FAIR Conference,
  • Weekly blog updates,
  • Much More

Membership in the FAIR Institute is currently free. All of our costs are underwritten by our Technical Advisor, Partners and Sponsors. 



Free Individual Membership

General Membership Application

$150 Annual Fee

Apply for Contributing MembershipArtboard 34-8

Group Membership - See details

Enterprise Membership Program

LINK Online Resource Library
Consultation with FAIR Enablement Specialists (FES)
Job Board
Weekly Blog Summary
Local Chapter Meetings
FAIR-U Training Application
FAIR University Curriculum
General Webinars
Exclusive Thought Leadership Webinars  
Early Access to New Institute Projects  
Copy of the FAIR Book  
$100 Discount on Any Training Course    
Invites to Executive Dinners    
Discount on FAIR Conference    
FAIR Fundamentals Group Training Discount    
Executive Cyber Risk Training Discount    
Risk Management Maturity Assessment    
  General Membership Application Apply for Contributing Membership

Enterprise Membership Program

Download 'Understanding Cyber Risk Quantification: Buyer’s Guide'

Advice for a solution that treats cyber risk in financially-based business terms

From Jack Jones, Chairman of the FAIR Institute and creator of the FAIR model for cyber risk quantification (CRQ) — the definitive guide to understanding CRQ: What it is (and isn't), its value proposition and limitations, and facts regarding the misconceptions that are commonplace. 

This paper answers questions such as: 

  • What does CRQ provide that I'm not already getting from other cyber risk-related measurements?
  • What makes CRQ reliable? Why should I believe the numbers?
  • Do I have enough data to run an analysis?



CRQ Buyers Guide