The foundation required to achieve and maintain effective risk management is comprised of five elements.
- Cost-effective risk management: a program that meets the definition of risk management listed above.
- Well-informed decisions: every decision involves a choice, and in order for those to be well-informed…
- Effective comparisons: …a decision-maker has to be able to compare the options before him/her.
- Meaningful measurements: quantitative measurements in financial terms that all stakeholders can understand.
- Accurate models: accurate models of risk and of explicit risk management that can scale in real-life.
The OpenFAIR methodology was conceived as a way to provide meaningful measurements so that it could satisfy management’s desire to make effective comparisons and well-informed decisions. FAIR has become the only international standard Value at Risk (VaR) model for cybersecurity and operational risk.