Resources

There’s quite a bit of good information available on risk, risk management, and Information Risk Management, and some of it is right here. Here are a number of resources we hope you find helpful.

FAQ

Common Questions related to FAIR & FAIRiq

Wiki

Wikipedia: A short open-source description of FAIR

FAIRwiki: A definitive source for FAIR terminology

General Information

Brief literature formatted for printing and viewing outside of a web browser:

Presentations

Sometimes we present, and it gets recorded for posterity’s sake. Here are some of the presentations we’ve given:

Baseline Measure of Force to Estimate Resistance Strength

Baseline Measurement.pdf

Community of Interest: Risk Analysis – Orientation

Community of Interest: BYOD Analysis

Jack Jones – Monte Carlo (Explained)

Jack Jones – Threat Capability and Resistive Strength (Explained)

Risk Evolution (Slides) (with audio – webex.com)

Visibility Analysis (with audio – webex)

Risk Analysis Resources

Want to try out our FAIR framework? We make a simplified version of our Factor Analysis of Information Risk (FAIR) framework and a Basic Risk Assessment Guide available under a Creative Commons license:

White Papers

Our white papers cover topics in risk and the management of risk that we want to share and discuss, but that tend to be a little too long for a weblog post:

RiskAnalys.is Weblog

We make new and topical content available on our weblog. Here, RMI talks about current events in Risk Management and posts snippets of our research and experiences in risk management.

Example Reports

These documents provide examples of the kind of reports that are possible using the FAIRLite tool and basic analyses.

The Open Group Security Forum

The Open Group forum on Security is a great place to go to meet others interested in the use of risk and the idea of Risk Management. The Open Group has also adopted FAIR as the basis for its risk management framework.

  • The Open Group Security Forum
  • FAIR – ISO/IEC 27005 Cookbook – This Technical Guide describes in detail how to apply the FAIR (Factor Analysis for Information Risk) methodology to any selected risk management framework. It uses ISO/IEC 27005 as the example risk assessment framework.
  • Risk Taxonomy – This Risk Taxonomy Technical Standard provides a taxonomy describing the factors that drive risk – their definitions and relationships. It also provides an overview of how to use the taxonomy.