Chapter 9

Thinking about Risk Scenarios Using FAIR

Abstract

In this chapter, we introduce some examples of how to think about certain risk related problems by using a “FAIR frame of mind.” Most of these are meant to be examples of scenarios viewed through a FAIR lens without having to use numbers or conduct any calculations. Examples include prioritizing information security vulnerability (Vuln) scanner results, contractor related risk, password strength, production data in test environments, project prioritization, and compliance. We have also included a couple of noninformation security examples to demonstrate the agnostic nature of FAIR and its utility in the broader risk management landscape.

Keywords

BRAG; Compliance; Critical infrastructure; ...

Get Measuring and Managing Information Risk now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.