Factor Analysis of Information Risk (FAIR) is a taxonomy of the factors that contribute to risk and how they affect each other. It is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It is not a methodology for performing an enterprise (or individual) risk assessment.
FAIR is also a risk management framework developed by Jack A. Jones, and it can help organizations understand, analyze, and measure information risk according to .
A number of methodologies deal with risk management in an IT environment or IT risk, related to information security management systems and standards like ISO/IEC 27000-series.
FAIR complements the other methodologies by providing a way to produce consistent, defensible belief statements about risk.
Although the basic taxonomy and methods have been made available for non-commercial use under a creative commons license, FAIR itself is proprietary. Using FAIR to analyze someone else's risk for commercial gain (e.g. through consulting or as part of a software application) requires a license from RMI.
FAIR's main document is "An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006;
The contents of this white paper and the FAIR framework itself are released under the Creative Commons Attribution-Noncommercial-Share Alike 2.5 license. The document first defines what risk is. The Risk and Risk Analysis section discusses risk concepts and some of the realities surrounding risk analysis and probabilities. This provides a common foundation for understanding and applying FAIR. The Risk Landscape Components section briefly describes the four primary components that make up any risk scenario. These components have characteristics (factors) that, in combination with one another, drive risk. Risk Factoring begins to decompose information risk into its fundamental parts. The resulting taxonomy describes how the factors combine to drive risk, and establishes a foundation for the rest of the FAIR framework.
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.
Le cours présente l'enjeu mondial de la santé. Il aborde les défis posés par l'innovation biomédicale, les maladies infectieuses et neuropsychiatriques. L'approche interdisciplinaire intègre les SHS e
Le cours présente l'enjeu mondial de la santé. Il aborde les défis posés par l'innovation biomédicale, les maladies infectieuses et neuropsychiatriques. L'approche interdisciplinaire intègre les SHS e
Le cours vise à donner les outils permettant d'appréhender de manière fondée et scientifique la question de l'analyse et de la gestion des risques technologiques et naturels, avec une attention partic
In information security, risk factor is a collective name for circumstances affecting the likelihood or impact of a security risk. Factor Analysis of Information Risk#Risk Factor Analysis of Information Risk (FAIR) is devoted to the analysis of different factors influencing IT risk. It decompose at various levels, starting from the first level Loss Event Frequency and Probable Loss Magnitude, going on examining the asset, the threat agent capability compared to the vulnerability (computing) and the security control (also called countermeasure) strength, the probability that the agent get in contact and actually act against the asset, the organization capability to react to the event and the impact on stakeholders.
Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.
A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source.
This thesis is inscribed in the recent efforts to reconnect urban planning and public health. It focused on the context of sub-Saharan African cities, for they offer invaluable lessons regarding environmental health determinants and potential solutions to ...
An individual polygenic risk score was associated with osteoporosis in people living with HIV. The genetic effect was robust, as it persisted after multivariable adjustment for established traditional and HIV-related osteoporosis risk factors, including te ...
Cardiovascular (CV) risk factors for rheumatoid arthritis (RA) are conventionally classified as 'traditional' and 'novel'. We argue that this classification is obsolete and potentially counterproductive. Further, we discuss problems with the common practic ...