FAIR Resources

What is the FAIR Model?

FAIR (Factor Analysis of Information Risk) is a model that breaks down different aspects of risk and monetizes the elements. Allowing security teams to break down the factors and relationships between risk factors lets companies gain a broader insight into how risk is addressed and where the gaps may be. Ultimately, FAIR assigns a monetary value to risk factors, successfully defining risk in a business context.

This newer way to frame risk is crucial because it allows businesses to translate cyber risk into a business context and create a narrative to help get executive buy-in on cybersecurity initiatives. It will enable CISOs to calculate return on security investment (RoSI), allowing for more transparency and risk visibility.

The FAIR risk methodology allows businesses to measure, analyze, and understand risk concretely. The nice thing about the FAIR model is that it can augment current security programs and strengthen the organization's security posture. Only once the risk is understood can CISOs make informed decisions about risk scenarios and taxonomy.

Key Components of FAIR

• Findable: Data and metadata should be easy to find for both humans and computers
  • Assigned globally unique and persistent identifiers
  • Described with rich metadata
  • Registered or indexed in searchable resources
• Accessible: Users should know how to access the data, possibly including authentication and authorization
  • Retrievable by their identifier using standardized protocols
  • Metadata remain accessible even when data is no longer available
• Interoperable: Data should be able to be integrated with other data and work with various applications
  • Use formal, accessible, shared, and broadly applicable language for knowledge representation
  • Use vocabularies that follow FAIR principles
  • Include qualified references to other data
• Reusable: Data and metadata should be well-described for replication or combination in different settings
  • Richly described with accurate and relevant attributes
  • Released with clear and accessible data usage license
  • Associated with detailed provenance
  • Meet domain-relevant community standards

FAIR Resources

• FAIR Cookbook: Offers guidance and assistance in FAIR data management
• FAIRshake: A tool for evaluating FAIRness using collections of metrics.
• FAIR Metrics GitHub Repository: Contains metrics for assessing FAIR principles
• GO-FAIR Organization: Provides detailed descriptions of FAIR principles
• FAIR Institute: Offers resources on cyber risk quantification and management using FAIR principles
• OpenAIRE: Provides guidelines on how to make data FAIR
• Science Fair Resources: While not directly related to FAIR principles, these resources can be adapted to create FAIR-compliant science projects

FAIR-Related Concepts

Machine-actionability: The capacity of computational systems to find, access, interoperate, and reuse data with minimal human intervention
FAIR-CAM: FAIR Controls Analytics Model4.
FAIR-MAM: Not explicitly defined in the search results, but mentioned as part of FAIR standards
Data Management Plan (DMP): A tool for designing research data management strategies, often incorporating FAIR principles
FAIRness: The degree to which a digital object adheres to the FAIR principles

Return to Cyber Risk Quantification Glossary