Why quantify cyber risk?
How to quantify Information Risk?
FAIR (Factor Analysis of Information Risk) is a framework that:
- defines the variables that compose a risk scenario, beyond the usual probability times impact formula
- uses calibrated estimates to associate ranges of values with each of those variables
- uses Monte Carlo probabilistic computation to simulate thousands of scenarios and their possible outcomes
- provides a range of probable financial losses for a given cyber risk scenario
The resulting Value at Risk framework helps organisations to make better risk-informed decisions to improve their cyber resilience
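The steps listed above can be sketched as a small simulation. This is an added example, not code from the FAIR standard or any FAIR tool: it uses the FAIR variables Threat Event Frequency, Vulnerability and Loss Magnitude, and it assumes PERT distributions over three-point estimates and constructed sample values.

```python
import random
import statistics

# Constructed calibrated estimates (low, most likely, high) for one scenario.
SCENARIO = {
    "tef": (1, 4, 12),                   # threat events per year
    "vuln": (0.10, 0.30, 0.60),          # chance a threat event becomes a loss event
    "loss": (20_000, 80_000, 500_000),   # loss per loss event, in currency units
}

def pert(rng, low, mode, high):
    """Draw one value from a PERT (scaled beta) distribution over [low, high]."""
    span = high - low
    alpha = 1 + 4 * (mode - low) / span
    beta = 1 + 4 * (high - mode) / span
    return low + rng.betavariate(alpha, beta) * span

def simulate(scenario, trials=10_000, seed=1):
    """Return the sorted simulated annual losses, one per trial (simulated year)."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        tef = pert(rng, *scenario["tef"])
        vuln = pert(rng, *scenario["vuln"])
        # Round the fractional frequency up or down at random so its mean is kept.
        attempts = int(tef) + (rng.random() < tef - int(tef))
        events = sum(rng.random() < vuln for _ in range(attempts))
        losses.append(sum(pert(rng, *scenario["loss"]) for _ in range(events)))
    return sorted(losses)

def summarize(losses):
    """Mean and selected percentiles of the simulated annual loss."""
    def pct(p):
        return losses[min(len(losses) - 1, int(p * len(losses)))]
    return {"mean": statistics.fmean(losses), "p10": pct(0.10),
            "p50": pct(0.50), "p90": pct(0.90), "p95": pct(0.95)}

if __name__ == "__main__":
    for name, value in summarize(simulate(SCENARIO)).items():
        print(f"{name}: {value:,.0f}")
```

The percentiles, rather than a single expected value, are the range of probable financial losses the list refers to.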
What is the FAIR(TM) Standard?
FAIR(TM) (Factor Analysis of Information Risk(TM)), an Open Group(TM) Standard, is a practical framework for understanding, measuring and analyzing information risk, and ultimately, for enabling well-informed decision making.
The use of FAIR(TM) helps prioritize your organization's
investment in Cyber Risk Management by facilitating risk
assessment and quantifying risk in financial terms.
It complements existing frameworks like the NIST Cybersecurity Framework, ISO/IEC 27005 and EBIOS.