FAIR is a risk assessment tool that creates a threat model based on past experiences, current trends, and value of current assets. It is able to identify the risk by using penetration testing and security exercises that have the same on par with today's threat and deliver a well versed risk analysis.
Here are some other features of FAIR:
-Intelligence Gathering: in the form of human and non-human
-Business Process Mapping:identify critical business process to be used in threat modeling/planning
-Asset Mapping: value of current asset and cost to replace it
-Vulnerability and Exposure Analysis: finding a list of vulnerabilities from various points and identifying the countermeasures
-Threat Modeling: identify the threat and its success rate to attack the asset.
-Data Flow Protection Analysis: Analysis of all communication : data, voice, image, and physical to find any incorrect data flow.
-Risk Modeling: Based on the risk liability and frequency assign a quantitative value to that risk
-What-If Modeling: Analyzing future landscape of organization (like merger) in order to aid organization decision making.
Read More: http://www.optimalrisk.com/Cyber-Security/FAIR-Methodology
Interesting! Thanks for sharing. Sounds like such a tool needs strict security clearance to use. Imagine if a criminal got a hold of it, access to asset lists, what-if of the company, and other goodies
ReplyDelete-Brett
Good job!. Am happy to learn about a new tool for risks analysis. Reading further, I think FAIR is a good research tool. Thanks for sharing
ReplyDelete