What it does: FAIR provides a model for understanding, analyzing, and quantifying cyber risk and operational risk in financial terms, according to the FAIR Institute. It differs from risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales. Instead, it builds a foundation for developing a robust approach to information risk management.
How it works: Developed by Jack Jones, former CISO of Nationwide Mutual Insurance, FAIR is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It is not a methodology for performing an enterprise or individual risk assessment, but provides a way for organizations to understand, analyze, and measure information risk.
Components include a taxonomy for information risk, standardized nomenclature for information-risk terms, a method for establishing data-collection criteria, measurement scales for risk factors, a computational engine for calculating risk, and a model for analyzing complex risk scenarios.
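To make "probabilities for the frequency and magnitude of data loss events" concrete, the following added example (not FAIR's own computational engine, and not code from the original page) simulates annual loss from a frequency estimate and a magnitude estimate. The triangular and Poisson distributions, the function names, and the input figures are all assumptions chosen for illustration.

```python
import math
import random

def poisson(rng, lam):
    """Knuth's method: number of loss events in one year at average rate lam."""
    limit, count, product = math.exp(-lam), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count

def simulate_annual_loss(freq, magnitude, trials=20000, seed=1):
    """freq and magnitude are (min, most_likely, max) estimates.

    Each trial is one simulated year: draw an event rate, draw how many
    events occur at that rate, then sum a loss amount for every event.
    Returns the simulated annual losses in ascending order.
    """
    rng = random.Random(seed)  # seeded so a run is reproducible
    f_lo, f_mode, f_hi = freq
    m_lo, m_mode, m_hi = magnitude
    losses = []
    for _ in range(trials):
        rate = rng.triangular(f_lo, f_hi, f_mode)
        events = poisson(rng, rate)
        losses.append(sum(rng.triangular(m_lo, m_hi, m_mode)
                          for _ in range(events)))
    return sorted(losses)

def summarize(losses, threshold):
    """Express the sorted simulated losses as monetary risk figures."""
    n = len(losses)
    return {
        "mean": sum(losses) / n,               # average annual loss
        "p50": losses[int(0.5 * (n - 1))],     # median year
        "p90": losses[int(0.9 * (n - 1))],     # 1-in-10 bad year
        "p_exceed": sum(1 for x in losses if x > threshold) / n,
    }

# Constructed estimates for a hypothetical data loss scenario.
FREQ = (0.1, 0.5, 2.0)                   # loss events per year
MAGNITUDE = (50_000, 200_000, 1_500_000)  # cost per event

if __name__ == "__main__":
    for name, value in summarize(simulate_annual_loss(FREQ, MAGNITUDE),
                                 threshold=500_000).items():
        print(f"{name}: {value:,.2f}")
```

The output is a distribution of annual loss rather than a color on a chart, so questions such as "how likely is a year costing more than 500,000?" get a numeric answer.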