Analyst's Guide to Cyber Risk Data Sources

Draft for Comment

The FAIR Institute is pleased to share a comment draft version of the Analyst’s Guide to Cyber Risk Data Sources—a practical resource for aligning real-world data with the FAIR model. This guide helps analysts understand how to use telemetry, SME input, and public sources (like the Verizon DBIR and Cyentia IRIS) to support FAIR-based risk quantification, monitoring, and management.

The guide maps common data types to each FAIR factor, clarifies where perfect data isn’t necessary, and provides usage guidance to support transparency and defensibility. It also highlights the critical role of asset data, system integration, and cyber risk engineering in scaling a modern risk program.

We invite feedback from FAIR practitioners and the broader community as we refine this resource. Your input will help ensure it’s as useful and actionable as possible.