What it does: FAIR provides a model for understanding, analyzing, and quantifying cyber risk and operational risk in financial terms, according to the FAIR Institute. It is unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales. Instead, it builds a foundation for developing a robust approach to information risk management.
How it works: Developed by Jack Jones, former CISO of Nationwide Mutual Insurance, FAIR is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It isn’t a methodology for performing an enterprise or individual risk assessment, but provides a way for organizations to understand, analyze, and measure information risk.
Components include a taxonomy for information risk, standardized nomenclature for information-risk terms, a method for establishing data-collection criteria, measurement scales for risk factors, a computational engine for calculating risk, and a model for analyzing complex risk scenarios.