FAIR Framework
Factor Analysis of Information Risk for quantitative cyber risk assessment and decision support
Risk Quantification
Financial Analysis
Decision Support
Executive Reporting
Framework Overview
FAIR (Factor Analysis of Information Risk) is a quantitative model for understanding, analyzing, and measuring information risk. It provides a framework for establishing accurate and defensible risk assessments that enable better decision-making.
3 Core Components
10 Risk Factors
$ Financial Impact
FAIR Model Components
The three primary components of the FAIR risk equation
Loss Event Frequency (LEF) = TEF × Vulnerability
How often a loss event is expected to occur
Factors: Threat Event Frequency, Vulnerability

Loss Magnitude (LM) = Primary Loss + Secondary Loss
The magnitude of loss resulting from a loss event
Factors: Primary Loss, Secondary Loss

Risk = LEF × LM
The probable frequency and magnitude of future loss
Factors: Loss Event Frequency, Loss Magnitude
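
As an added example (not part of the original page), the three equations above can be run as a Monte Carlo simulation so that risk comes out as a range of annual loss rather than a single number. The scenario estimates, the function names and the use of triangular distributions over (min, most likely, max) inputs are all assumptions of this example.

```python
import random
import statistics

# Constructed (min, most likely, max) estimates for one hypothetical scenario.
ESTIMATES = {
    "tef": (0.5, 2.0, 6.0),                     # threat events per year
    "vulnerability": (0.05, 0.20, 0.50),        # P(threat event becomes a loss event)
    "primary_loss": (20_000, 80_000, 400_000),  # USD per loss event
    "secondary_loss": (0, 30_000, 900_000),     # USD per loss event
}


def sample(rng, name, estimates):
    """Draw one value for a factor from a triangular distribution (assumption)."""
    low, mode, high = estimates[name]
    return rng.triangular(low, high, mode)


def simulate(estimates=ESTIMATES, trials=20_000, seed=7):
    """Return sorted annualized risk values, one per simulated year."""
    rng = random.Random(seed)  # seeded so a run can be reproduced and reviewed
    risks = []
    for _ in range(trials):
        # LEF = TEF x Vulnerability
        lef = sample(rng, "tef", estimates) * sample(rng, "vulnerability", estimates)
        # LM = Primary Loss + Secondary Loss
        lm = sample(rng, "primary_loss", estimates) + sample(rng, "secondary_loss", estimates)
        # Risk = LEF x LM
        risks.append(lef * lm)
    risks.sort()
    return risks


def summarize(risks):
    """Mean and 10th/50th/90th percentiles of a sorted list of risk values."""
    def pct(p):
        return risks[min(len(risks) - 1, int(p * len(risks)))]
    return {"mean": statistics.fmean(risks),
            "p10": pct(0.10), "p50": pct(0.50), "p90": pct(0.90)}


if __name__ == "__main__":
    for label, value in summarize(simulate()).items():
        print(f"{label:>4}: ${value:,.0f} per year")
```

The spread between the 10th and 90th percentiles shows how much of the result depends on the width of the input estimates, which is the part of an assessment a reviewer should challenge first.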