Earlier this year, Conexiam was invited to participate in the Open Group Beta Test program for the Factor Analysis of Information Risk (FAIR) Risk Analysis method.
Risk analysis is a key element of risk assessment and risk management. FAIR Risk Analysis is a standard that treats risk analysis as a measurement process, giving the risk manager the ability to produce accurate and repeatable results. When the FAIR Risk Analysis standard is applied, assumptions are made explicit and risks are expressed using quantitative metrics. Only approved assumptions and authoritative information are to be used. (An example of an approved assumption would be that employees are not expected to attempt to steal money from credit card transactions.)
FAIR Risk Analysis runs through four stages.
- Stage 1: Identify Scenario Components (Scope the Analysis)
- Stage 2: Evaluate Loss Event Frequency (LEF)
- Stage 3: Evaluate Loss Magnitude (LM)
- Stage 4: Derive and Articulate Risk
The method is very scope-specific: a complete risk analysis of a business requires many risk scenarios to be completed. Even for the single risk of physical cash loss, several scenarios must be created. For example:
- Risk of external threat taking money from cash register.
- Risk of internal threat (employee) taking money from the register.
- Risk of external threat taking money from in-store safe.
- Risk of internal threat taking money from in-store safe.
The rigorous scenario planning that FAIR Risk Analysis offers allows for detailed and specific assessment of risks, their capability and competency, and gives a business the knowledge to decide what measures are necessary to defend against risks.
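To make stages 2 through 4 concrete for the four cash-loss scenarios above, here is an added example (not code from Conexiam or The Open Group) that simulates annual loss per scenario from LEF and LM estimates. Every numeric range is constructed for illustration, and sampling estimates as triangular distributions with Poisson event counts is a modelling choice of this example, not something the article prescribes.

```python
import math
import random

# Constructed estimates, not taken from the article. Each range is
# (minimum, most likely, maximum): LEF in events/year, LM in currency/event.
SCENARIOS = {
    "external threat, cash register": {"lef": (0.5, 2.0, 6.0), "lm": (50, 300, 1500)},
    "internal threat, cash register": {"lef": (1.0, 4.0, 12.0), "lm": (20, 100, 500)},
    "external threat, in-store safe": {"lef": (0.02, 0.1, 0.5), "lm": (2000, 8000, 30000)},
    "internal threat, in-store safe": {"lef": (0.01, 0.05, 0.3), "lm": (1000, 5000, 30000)},
}

def draw(rng, estimate):
    """Sample a (min, most likely, max) estimate as a triangular distribution."""
    low, mode, high = estimate
    return rng.triangular(low, high, mode)

def event_count(rng, rate):
    """Poisson-distributed number of loss events in one year (Knuth's method)."""
    limit, count, product = math.exp(-rate), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count

def simulate(rng, scenario, trials):
    """Stages 2-3: one simulated annual loss per trial for a single scenario."""
    losses = []
    for _ in range(trials):
        events = event_count(rng, draw(rng, scenario["lef"]))
        losses.append(sum(draw(rng, scenario["lm"]) for _ in range(events)))
    return sorted(losses)

def analyze(scenarios, trials=5000, seed=1):
    """Stage 4: express each scenario's risk as annual loss statistics."""
    rng = random.Random(seed)
    report = {}
    for name, scenario in scenarios.items():
        losses = simulate(rng, scenario, trials)
        report[name] = {
            "mean": sum(losses) / trials,
            "p50": losses[int(0.50 * (trials - 1))],
            "p90": losses[int(0.90 * (trials - 1))],
        }
    return report

if __name__ == "__main__":
    for name, stats in analyze(SCENARIOS).items():
        print(f"{name:32s} mean={stats['mean']:9.0f} p50={stats['p50']:9.0f} p90={stats['p90']:9.0f}")
```

With these constructed inputs the safe scenarios show a median annual loss of zero but a non-trivial mean, which is why each scenario is analyzed separately rather than folded into one "cash loss" figure.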
Conexiam offered insight & experience to the test, and all Conexiam participants in the Beta program are certified and ready to train FAIR.