What Is FAIR?


RiskLens is the only cyber risk management software purpose-built on FAIR, the only international standard quantitative model for cyber security and operational risk.

FAIR: A Methodology for Quantifying and Managing Risk in Any Organization

Factor Analysis of Information Risk (FAIR) is the only international standard quantitative model for cyber security and operational risk.

  • Provides a model for understanding, analyzing and quantifying information risk in financial terms
  • Unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales 
  • Builds a foundation for developing a scientific approach to information risk management

A Common Language That All Can Understand

The Benefits of FAIR

  • Speak in one language concerning your risk
  • Consistently study and apply risk to any object or asset
  • View enterprise risk in totality
  • Challenge and defend risk decisions using an advanced risk model
  • Understand how time and money will impact your security profile
  • Add a financial dimension to your risk management framework (e.g., NIST CSF)

RiskLens Cyber Risk Quantification Aggregate Distribution


An Enterprise Scalable Risk Model

The FAIR Taxonomy (Basic Version)

Risk Model Components

  • An ontology and standard nomenclature for information and operational risk
  • A framework for establishing data collection criteria
  • Measurement scales for risk factors
  • Integrates into a computational engine for calculating risk
  • A modeling construct for analyzing complex risk scenarios

An International Standard by The Open Group

The Open Group has chosen FAIR as the international standard information risk management model.

  • The Open Group is a global consortium that enables the achievement of business objectives through IT standards
  • More than 450 member organizations that include companies such as HP, IBM, Oracle, Accenture, Cap Gemini and MITRE
  • Selection of FAIR was made following a most rigorous review and comparison with other risk methodologies

RiskLens is officially accredited with The Open Group to provide FAIR training and certification courses.  

The Book - Measuring and Managing Information Risk: A FAIR Approach

Measuring and Managing Information Risk: A FAIR Approach

Provides a practical and credible framework for understanding, measuring and analyzing information risk of any size and complexity.

  • Shows how to deliver financially derived results tailored for enterprise risk management
  • Intended for organizations that need to build a risk management program from the ground up or strengthen an existing one
  • Covers key areas such as risk theory, risk calculation, scenario modeling and risk communication within the organization

Measuring and Managing Information Risk is an essential tool to help business executives of the digital age make smarter business decisions.

The Community

A growing FAIR community is helping the profession mature by providing learning opportunities, sharing of best practices and exploration of possible new applications of the FAIR standard. 

  • Led to the creation of the FAIR Institute, an expert non-profit organization
  • Animated and led by information and operational risk experts from industry-leading organizations 
  • The FAIR Institute can help you lead the transition to a business-aligned approach to managing information and operational risk.
