Organizations are increasingly transitioning to risk-based approaches to information security and operational risk, as compliance to regulations alone provide only a minimum layer of security and fail to adequately protect them.
Factor Analysis of Information Risk (FAIR) is the only international standard quantitative model for information security and operational risk.
FAIR's risk model components are specifically designed to support risk quantification:
Login on the
Also free - a full-size version of the FAIR risk model, available here for download.
The Open Group has chosen FAIR as the international standard information risk management model. The Open Group has published two standards, O-RT, Risk Taxonomy Standard, and O-RA, Risk Analysis Standard, comprising Open FAIR.
FAIR's risk analysis capabilities complement the existing risk management frameworks.