FAIR Institute

FAIR Institute

The FAIR Institute is a research-driven not-for-profit organization dedicated to advancing the discipline of cyber and operational risk management through education, standards and collaboration. The Institute is made up of forward-thinking risk officers, cybersecurity leaders and business executives that operates with a central mission: “Establish and promote risk management best practices that empower security and risk professionals to collaborate with their business partners on achieving the right balance between protecting the organization and running the business.” Factor Analysis of Information Risk (FAIR™) is the framework and the driver behind our mission.

Why FAIR Institute?

Factor Analysis of Information Risk (FAIR™) is the only international standard quantitative model for information security and operational risk. - FAIR provides a model for understanding, analyzing and quantifying cyber risk and operational risk in financial terms. It is unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales. FAIR's risk model components are specifically designed to support risk quantification with a standard taxonomy and ontology for information and operational risk, a framework for establishing data collection criteria and a modeling construct for analyzing complex risk scenarios. With FAIR™, you can: - Speak in one language concerning your risk; - Take a portfolio view to organizational risk; - Challenge and defend risk decisions using an advanced risk model; and - Understand how time and money will impact your security profile.

Resources

• Download 2023 - Understanding Cyber Risk Quantification A Buyer’s Guide V2
• Download 2024 Cybersecurity Risk Report_FAIR Institute
• Download Infographic - The FAIR Model 2020
• Download Introduction to the FAIR Controls Analytics Model (FAIR-CAM™)_
• Download Introduction to the FAIR Materiality Assessment Model (FAIR-MAM)_V1