Using the Factor Analysis for Information Risk (FAIR) cyber risk framework please create a presentation including the following. Do not worry about the introduction. The presentation must cover:...

Using the Factor Analysis for Information Risk (FAIR) cyber risk framework, please create a presentation including the following. Do not worry about the introduction.

The presentation must cover:

  • Introduction: Speaker and Topic
  • Discussion of the field in which the standard is applied.
  • Provide an overview of the standard or framework.
    • Include details of significant components, or
    • Special cases of interest.
    • The circumstances in which the standard is applied
    • Why a company may/must/should comply with the standard
  • The governance mechanism for the standard.
    • Include the governing body and other relevant information.
  • Certification/validation requirements of the standard.
  • Enforcement means for the standard.
  • Examples of the standard/framework in use.
  • A bibliography of the resources used in creating the presentation.

Also please include speaker notes.


Answered Same Day Oct 20, 2022

Dr Raghunandan G answered on Oct 21 2022
56 Votes
Factor Analysis for Information Risk (FAIR)
Introduction
FAIR is a standard risk taxonomy and risk quantification model by The Open Group, a global standards consortium, that can express cyber risk in financial terms.
The FAIR risk assessment methodology aids companies in making well-timed and informed decisions on how to prevent and remediate various forms of cyber attacks on critical data and systems.
The Factor Analysis of Information methodology first enables you to inventory, categorize, and quantify the specific assets at risk in your organization.
Objectives
FAIR framework establishes a link between cybersecurity experts, business managers, and general management. This standard is designed, supported and promoted by the FAIR Institute, a professional non-profit organisation.
This approach to cyber risk analysis first proposes a taxonomy of the distinct factors that constitute risk, a collection of definitions which clarify certain concepts: risk, threat, danger, asset, control, audit.
The objectives are to analyse complex risks, to identify key data for quantification and to understand the interdependencies between risk factors.
The FAIR standard offers a taxonomy and a methodology for cyber risk analysis in all business functions.
The FAIR method explains the connections between these factors, giving a company food for thought.
Then, on the basis of logical, easy-to-explain, repeatable, and defensible scenarios, forecasts of future loss (in GBP, EUR, USD, or other currencies) can be presented to decision makers.
Methodology
The FAIR methodology relies on the taxonomy featured in the diagram below. It is based on a “frequency x magnitude” model which is applicable to all situations and exportable to all businesses.
For instance, if a company estimates that a loss event could occur once every 10 years, and that it involves a 20,000,000 USD loss, then the formula would be:
A loss event frequency (LEF) of 1/10 year x 20,000,000 USD loss = 2,000,000 USD/year.
This risk model leaves the decision makers with two ways of reducing loss exposure:
  • Reducing the LEF – the number of times that loss events occur;
  • Mitigating the amount of financial losses that would result from such events.
The results (in GBP, EUR, USD, or other currencies) may be used by different divisions of an organisation, by the board of directors, or by general management.
Enforcement of Risk...