Built on the FAIR Standard

RiskLens is the only enterprise software platform purpose built on FAIR - an internationally recognized standard for risk quantification, tested, proven and adopted by more than 5,000 security and risk professionals. The movement is strong and growing rapidly with each passing day.

FAIR provides a structured, defensible and repeatable model for cyber risk quantification.

RiskLens is the Technical Advisor to The FAIR Institute - the expert non-profit organization dedicated to advancing the discipline of measuring and managing information risk.

The FAIR Institute counts 8 out of the Fortune 10, 75% of the Fortune 50, 33% of the Fortune 100 and nearly 30% of the Fortune 1,000 as members.

Join the FAIR Institute

A Standard Method

Quantify Cyber Risk

FAIR is a standard risk taxonomy and risk quantification model by The Open Group, a global standards consortium, that can express cyber risk in financial terms.

A Common Language

Unite Cyber and Business

Without a standard model for risk, security and risk teams struggle to communicate to each other and the business. FAIR solves the problem.

An Enterprise Model

Revolutionize Cyber Risk

FAIR analyses scale for any risk factors, applies to information and operational risk, and integrates with Enterprise Risk Management.

Factor Analysis of Information Risk (FAIR)

A Methodology for Quantifying and Managing Risk in Any Organization

FAIR is the only international standard quantitative model for cyber security risk.

  • Provides a model for understanding, analyzing and quantifying cyber risk in financial terms
  • Unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales
  • Builds a foundation for developing a scientific approach to information risk management
  • The OpenFAIR standard is maintained by The Open Group, a global consortium that enables the achievement of business objectives through IT standards

The Book Behind the Model

Inducted into the Cyber Security Canon

RiskLens Co-Founder and Chief Risk Scientist Jack Jones is the author of Measuring and Managing Information Risk: A FAIR Model, the book that launched the FAIR movement.

Written in clear, non-technical language, the book describes a practical and credible framework for understanding, measuring and analyzing information risk of any size and complexity.

Measuring and Managing Information Risk was inducted into the Cybersecurity Canon in 2016, as a must-read text for risk professionals.

Buy the Book

A Common Language That All Can Understand

Translating Cyber Risk into the Language of Business

Benefits:

  • Speak in one language concerning your cyber risk
  • Consistently study and apply risk assessments to any object or asset
  • View enterprise cyber risk in totality
  • Challenge and defend cyber risk decisions using an advanced risk model
  • Understand how time and money will impact your security profile

An Enterprise Scalable Model

Trusted by Thousands Around the World

Risk Model Components:

  • An ontology and standard nomenclature for cyber security risk
  • A framework for establishing data collection criteria
  • Measurement scales for risk factors
  • Integrates into a computational engine for calculating risk
  • A modeling construct for analyzing complex risk scenarios

“FAIR is a quantifiable, repeatable methodology that has a proven model behind it that is actually relevant to our business.”

Grant Bourzikas, CISO at McAfee

“The key value that FAIR provides is a consistent way to communicate (cyber) risks and what we should be doing about them as a firm.”

Brandon Young, Managing Director - Cybersecurity Framework at Charles Schwab

"The association with the FAIR Institute gives the RiskLens company a distinct advantage in terms of having a widely accepted risk quantification methodology."

James Lam, Director - Risk Oversight Committee Chair at E*TRADE

"When virtually every aspect of the business is quantitative...having the CISO give red/yellow/green heat maps is debilitating to decision-making."

Jack Jones, Creator of FAIR and Co-Founder at RiskLens

"If CISOs push back on quantifying potential loss, I find that unacceptable as a board director. CISOs need to advance."

James Lam, Director, E*Trade

"Controls and procedures should enable companies to identify cybersecurity risks and incidents [and] assess and analyze their impact on a company’s business."

SEC, Cyber Security Disclosure Guidance

"FAIR is a quantifiable, repeatable methodology that has a proven model behind it that is actually relevant to our business...we can actually articulate risk and threat likelihood and consequences, it gets us in a good position as a trusted adviser to the board."

Grant Bourzikas, CISO at McAfee

"I think that FAIR is just a phenomenal program for being able to develop a consistent and rigorous methodology to reason about and measure and mitigate your cyber risk."

Zulfikar Ramzan, CTO at RSA

An Executive's Guide to Cyber Risk Economics

Jack Jones - creator of the internationally recognized FAIR model and co-founder at RiskLens provides a high-level introduction to managing cyber risk from a business perspective. You'll learn how the FAIR model powers cost-benefit analysis for security initiatives on a par with other forms of enterprise risk management. Read this eBook and never be satisfied again with simple red-green-yellow risk ratings.

Download Now

A Quick Look at the FAIR Movement - From FAIRCON '18

The FAIR model is literally sparking a revolution in thought about cyber risk management. More than 4,000 of your peers in security and risk have found their way to FAIR and are pushing their ways forward to a new era in cyber risk – where quantification is the center of all decision making.

Join the Movement

A Quick Look at the FAIR Movement - From FAIRCON '18

The FAIR model is literally sparking a revolution in thought about cyber risk management. More than 4,000 of your peers in security and risk have found their way to FAIR and are pushing their ways forward to a new era in cyber risk – where quantification is the center of all decision making.

Join the Movement

Learn More About FAIR

November 15, 2018
5 Insights from FAIR Creator Jack Jones on Transforming Your Risk Management Organization
Continue Reading
June 13, 2018
Gartner Names Risk Quantification a Critical Capability of Integrated Risk Management
Continue Reading
January 09, 2019
How to Manage a Cybersecurity Program with NIST CSF and FAIR
Continue Reading

Let RiskLens Help You

RiskLens is the world leader in helping large organizations to develop, implement and continually refine cyber risk management programs built on FAIR. We're ready to help you on your journey. Request a demo today and we'll walk you through all of our capabilities.

Request a Demo