FAIR™ is a methodology for quantifying and managing risk in organisations of any size. It helps organisations specify, describe and analyse their risks, enabling them to be effectively managed. FAIR helps analysts and organisations express probable likelihoods and impacts in monetary values, which allows business leaders to make informed prioritisation and treatment decisions.
FAIR stands for Factor Analysis of Information Risk. It is a risk methodology used to quantify cyber and operational risks in financial terms. This enables comparison and prioritisation with other business risks and supports the business case for managing risks appropriately.
The FAIR methodology was created by Jack Jones, and more information about the framework and resources can be found on the FAIR Institute’s website.
The FAIR methodology breaks risks down into levels of abstraction. However, you only need to go as far down this model as is appropriate for the data you have available.
The model helps you analyse and quantify risks, and aids in the development of a robust and defensible case for the appropriate management of risk.
It also provides organisations with a common language for discussing risks, reduces the chance of misinterpretation, ensures that all assumptions have been documented, and provides reasoning for why risks have been included or discounted. This ensures the organisation can repeat the risk analysis, enabling trend comparisons over time.
Focus on probability in risk assessments rather than possibility.
All things are possible, given enough time. Instead, focus on what is probable in a given timeframe to enable better, risk-informed decisions to be made.
When using the FAIR taxonomy, only go as far down the model as you need to. That is, if the data you need to analyse your risk is available at level two, you do not need to waste time and effort going all the way down to level four.
Keep it simple for yourself as the analyst.
Remember we need a useful degree of precision, not 100% precision.
If you’re asked the length of a cruise ship, for example, you wouldn’t need to know to the exact centimetre (unless you were an engineer on the boat). Instead, you’d want to know to the nearest metre or ten metres. That’s a useful degree of precision.
We use the FAIR methodology in our security and privacy consulting services to help our clients take a proportionate and risk-based view of their security and privacy activities.
Principle Defence is also an Approved Training Centre with The Open Group for our accredited Open FAIR™ Foundation Course. We can train risk professionals and those in organisations who want to use the FAIR™ methodology.
We have experts here to help you