What it does: FAIR provides a model for understanding, analyzing, and quantifying cyber risk and operational risk in financial terms, according to the FAIR Institute. Unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales, it builds a foundation for developing a robust approach to information risk management.
How it works: Developed by Jack Jones, former CISO of Nationwide Mutual Insurance, FAIR is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It is not a methodology for performing an enterprise or individual risk assessment, but provides a way for organizations to understand, analyze, and measure information risk.
Components include a taxonomy for information risk, standardized nomenclature for information-risk terms, a method for establishing data-collection criteria, measurement scales for risk factors, a computational engine for calculating risk, and a model for analyzing complex risk scenarios.
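To make "frequency and magnitude of loss events in financial terms" concrete, here is an added example (not from the original article or from FAIR's own tooling) that turns an analyst's range estimates into a distribution of annual loss. The triangular distributions, the Poisson event count, the function names and the sample figures are all assumptions chosen for illustration.

```python
import random
import statistics

def events_in_year(rng, rate):
    """Count Poisson arrivals in one year by summing exponential gaps."""
    if rate <= 0:
        return 0
    count, elapsed = 0, rng.expovariate(rate)
    while elapsed < 1.0:
        count += 1
        elapsed += rng.expovariate(rate)
    return count

def simulate_annual_loss(freq, magnitude, trials=20000, seed=7):
    """Simulate yearly loss totals in dollars.

    freq      -- (min, most likely, max) loss events per year (analyst estimate)
    magnitude -- (min, most likely, max) dollars lost per event (analyst estimate)
    """
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    f_lo, f_ml, f_hi = freq
    m_lo, m_ml, m_hi = magnitude
    totals = []
    for _ in range(trials):
        # Uncertainty about the true event rate, then chance in how many occur.
        rate = rng.triangular(f_lo, f_hi, f_ml)
        n = events_in_year(rng, rate)
        # Each event gets its own magnitude draw; a quiet year totals 0.
        totals.append(sum(rng.triangular(m_lo, m_hi, m_ml) for _ in range(n)))
    return totals

def summarize(totals):
    """Report the loss distribution in financial terms."""
    ordered = sorted(totals)
    pick = lambda q: ordered[int(q * (len(ordered) - 1))]
    return {
        "mean": statistics.fmean(ordered),
        "p50": pick(0.50),
        "p90": pick(0.90),
        "p_no_loss": sum(1 for t in ordered if t == 0) / len(ordered),
    }

if __name__ == "__main__":
    # Constructed estimates for one hypothetical data loss scenario.
    result = summarize(simulate_annual_loss((0.1, 0.5, 2.0), (50_000, 200_000, 1_000_000)))
    for key, value in result.items():
        print(f"{key}: {value:,.2f}")
```

The output is a range of dollar outcomes with percentiles rather than a single color or score, which is the contrast with qualitative scales drawn above.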