Earlier this year, Conexiam was invited to participate in the Open Group Beta Test program for the Factor Analysis of Information Risk (FAIR) Risk Anaylsis method.
Risk analysis is a key element of risk assessment and risk management. FAIR Risk Analysis is a standard for risk analysis that treats risk analysis as a measurement process giving the risk manager the ability to produce accurate and repeatable results. By applying the FAIR Risk Analysis standard assumptions are made explicit and risks are expressed using quantitative metrics. Only approved assumptions and authoritative information is to be used. (An example of an approved assumption would be that employees are not expected to attempt to steal money from credit card transactions.)
FAIR Risk Analysis runs through four stages.
The method is very scope specific, for a complete risk anaylsis of a business many risk scenarios must be completed. Even in the scenario of risk of physical cash loss, several scenarios must be created. For example:
The rigourous scenario planning that is offered by FAIR Risk analysis allows for detailed and specific assesment of risks, their capability and competency, and the knowledge for a business to decide what measures are necessary to defend against risks.
Conexiam offered insight & experience to the test, and all Conexiam participants in the Beta program are certified and ready to train FAIR.