Chapter 4

FAIR Terminology

Abstract

In this chapter, the reader will find a series of terms that are used in Factor Analysis of Information Risk (FAIR) along with specific guidance on how to think about them in order to provide for a better risk model. The chapter will discuss concepts around assets, threats, loss flows, and loss forms. It provides some detailed information on how to model threats and build references to threat impact and skills for use in FAIR models. The chapter concludes with some very detailed discussion on the six FAIR loss forms: productivity, response, replacement, competitive advantage, fines and judgments, and reputation. Guidance is offered on how to apply these in the model, where to get information about building estimates ...

Get Measuring and Managing Information Risk now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.