FAIR (Factor Analysis of Information Risk) is the go-to standard for cyber risk analysis and quantification. It provides a method and model for understanding, analyzing, and quantifying information risk in financial terms.
FAIR Benefits
The adoption of an FAIR-based approach brings the organization benefits including:
- Improved communication and understanding of risk through the use consistent terms and language.
- A structured way to model risk, which leads to more thorough analysis.
- Risk presented in financial terms, enabling cost/benefit analysis.
FAIR's Modular Approach
Organizations can implement FAIR modularly by plugging it into an existing risk management process. It can be phased in slowly or implemented as a forklift upgrade.
FAIR complements existing security frameworks such as the NIST Cyber Security Framework, NIST 800-53, and ISO 27000.
FAIR quickly begins producing quantitative measures of risk that can be used to improve decision-making.
"Apps [HealthGuard's Founder & CEO] is the person I think of when I think of healthcare InfoSec. You won't find anyone stronger in the field."
Jack Jones
Creator of FAIR