Factor analysis of information risk

Factor analysis of information risk (FAIR) is a taxonomy of the factors that contribute to risk and how they affect each other. It is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It is not a methodology for performing an enterprise (or individual) risk assessment. Factor analysis of information risk (FAIR) is a taxonomy of the factors that contribute to risk and how they affect each other. It is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It is not a methodology for performing an enterprise (or individual) risk assessment. FAIR is also a risk management framework developed by Jack A. Jones, and it can help organizations understand, analyze, and measure information risk according to Whitman & Mattord (2013). A number of methodologies deal with risk management in an IT environment or IT risk, related to information security management systems and standards like ISO/IEC 27000-series. FAIR seeks to provide a foundation and framework for performing risk analyses. Much of the FAIR framework can be used to strengthen, rather than replace, existing risk analysis processes like those mentioned above. It is not another methodology to deal with risk management, but complements existing ones. It is in direct competition with the other risk assessment frameworks, if complementary to many of them. Although the basic taxonomy and methods have been made available for non-commercial use under a creative commons license, FAIR itself is proprietary. Using FAIR to analyze someone else's risk for commercial gain (e.g. through consulting or as part of a software application) requires a license from RMI. As a standards body, The Open Group aims to evangelize the use of FAIR within the context of these risk assessment or management frameworks. ISACA cites FAIR and its concepts in its Risk IT Framework that extends COBIT. The Build Security In initiative of the United States Department of Homeland Security cites FAIR. FAIR's main document is 'An Introduction to Factor Analysis of Information Risk (FAIR)', Risk Management Insight LLC, November 2006;