PDF | Thought Leadership
Version 2 Updated for Release - February 2023.
From Jack Jones, Chairman of the FAIR Institute and creator of the FAIR model for cyber risk quantification (CRQ) — the definitive guide to understanding CRQ: What it is (and isn't), its value proposition and limitations, and facts regarding the misperceptions that are commonplace.
If you’re considering or are actively shopping for an analysis solution that treats cyber risk in financially-based business terms, Jack’s extensive, jargon-free guide — including an evaluation checklist — will give you the objective and practical advice you need.
And just in time. There’s never been more interest or, frankly, confusion in the marketplace over what exactly is cyber risk quantification. As you’ll read in this buyer guide, many solutions may count vulnerabilities, provide ordinal values, or deliver numeric “maturity” scores but don’t measure risk, let alone put a financial value on it to help make business decisions.
This paper answers questions such as:
The 'Understanding Cyber Risk Quantification' guide is designed to be of use to security and risk executives, industry analysts, consultants, auditors, investors, and regulators--essentially anyone who has a stake in how well cyber risk is managed.