Factor analysis of information risk
Risk management framework / From Wikipedia, the free encyclopedia
Dear Wikiwand AI, let's keep it short by simply answering these key questions:
Can you list the top facts and stats about Factor Analysis of Information Risk?
Summarize this article for a 10 year old
Factor analysis of information risk (FAIR) is a taxonomy of the factors that contribute to risk and how they affect each other. It is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It is not a methodology for performing an enterprise (or individual) risk assessment.[1]
FAIR is also a risk management framework developed by Jack A. Jones, and it can help organizations understand, analyze, and measure information risk according to Whitman & Mattord (2013).
A number of methodologies deal with risk management in an IT environment or IT risk, related to information security management systems and standards like ISO/IEC 27000-series.
FAIR complements the other methodologies by providing a way to produce consistent, defensible belief statements about risk.[2]
Although the basic taxonomy and methods have been made available for non-commercial use under a creative commons license, FAIR itself is proprietary. Using FAIR to analyze someone else's risk for commercial gain (e.g. through consulting or as part of a software application) requires a license from RMI.[3]