The Security Kitchen

I’ve been digging into the FAIR (Factor Analysis of Information Risk) methodology for risk assessment recently and I was captivated immediately.

Factor Analysis of Information Risk (FAIR) provides a framework for understanding, analyzing, and measuring information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.

With the information available on the FAIR wiki and the walkthrough created by Kevin Riggins available on infosecramblings.com I compiled this quick and dirty BRAG (Basic Risk Assessment Guide) spreadsheet that you can use to try some FAIR scenarios for yourself.  You can reuse the file, if so desired.

Thanks to Kevin for the quick review, Mr Jack Jones for all the work on FAIR and Mr. Alex Hutton “The voice of FAIR”.

FAIR <<– THE FILE

I’ll throw out newer versions as I build upon the foundation.

(For those of you using excel, I guess it should work … There is no macro’s yet, only messy formulas. I’ve completely migrated to oOo for over a year now …there is no way back.)

1. Interesting Information Security Bits for 07/29/2009 | Infosec Ramblings says:

   July 29, 2009 at 11:19 pm

   [...] is getting into FAIR. Very cool stuff. all is FAIR in love and war. << The Security Kitchen Tags: ( fair [...]

   Like or Dislike: 0  0