FAIR Model Flashcards
Risk
Probable frequency and probable magnitude of future loss
Risk components
Frequency and Magnitude
Loss event frequency
How frequently a loss will materialize within a time frame
Threat event frequency
Amount of times in a year a threat will act on an asset.
will attack or attempt to attack
Vulnerability
Probability that threat events become loss events
Percent that will be successful.
Loss magnitude
Total money lost from each event.
Primary losses and secondary losses.
Loss flow
Chain of events related to losses from threat action to realization of secondary losses.
Two sections: Primary LE and Secondary LE
PSH
Primary stakeholder
Primary Stakeholder
(Your org)
Secondary stakeholders
Anybody that has an interest in your org that can cause harm. (Business partners, customers, regulators, etc.)
SSH
Secondary stakeholder
Primary loss magnitude
Primary stakeholder loss that occurs directly from an event.
Secondary loss
Fallout from an event.
Secondary loss frequency
Probability that secondary losses will materialize.
Usually 100% for large breaches.
Secondary loss magnitude
Loss from secondary stakeholder reaction to primary event.