Factor Analysis of Information Risk
A model for quantifying cyber risk in financial terms rather than with qualitative labels like high, medium, and low. It breaks risk down into the frequency of loss events and the magnitude of loss, letting analysts express exposure in dollars. Boards and CISOs use FAIR to prioritize security investments and compare cyber risk against other business risks.