FAIR Scoring

How likely is this to be exploited and how big would the impact be?

FAIR is a process for calculating the risk of a vulnerability as well as its impact on assets. While DREAD Scoring measures quantitative risk, FAIR Scoring measures qualitative risk. FAIR is easier to communicate to executives because it expresses risk as financial impact, but it is more complex to calculate.

It is an acronym for Factor Analysis of Information Risk:

  • Factor
  • Analysis
  • (of) Information
  • Risk
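
To make the "complex to calculate" part concrete, the following is an added example, not code from the original note or from the FAIR Institute. It follows the standard FAIR decomposition (Loss Event Frequency = Threat Event Frequency x Vulnerability; annual risk = Loss Event Frequency x Loss Magnitude) and runs a seeded Monte Carlo over three-point estimates so the output is a range of annual loss rather than a single score. The scenario names, ranges and the use of a triangular distribution in place of PERT curves are assumptions made for the example.

```python
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Estimate:
    """Calibrated three-point estimate: minimum, most likely, maximum."""
    low: float
    likely: float
    high: float

    def sample(self, rng: random.Random) -> float:
        # Triangular distribution stands in for the PERT curves FAIR tools use
        # (an assumption of this example; it needs no extra library).
        return rng.triangular(self.low, self.high, self.likely)


@dataclass(frozen=True)
class FairScenario:
    """One loss scenario decomposed the FAIR way (constructed values, not measured data)."""
    name: str
    tef: Estimate   # Threat Event Frequency: attempts per year
    vuln: Estimate  # Vulnerability: probability an attempt becomes a loss event (0..1)
    lm: Estimate    # Loss Magnitude: cost per loss event, in currency units


def point_estimate(s: FairScenario) -> float:
    """FAIR arithmetic on the most-likely values only.

    LEF = TEF x Vulnerability; annual risk = LEF x Loss Magnitude.
    A quick sanity check, but it hides the uncertainty the ranges carry.
    """
    lef = s.tef.likely * s.vuln.likely
    return lef * s.lm.likely


def simulate(s: FairScenario, iterations: int = 20000, seed: int = 0) -> dict:
    """Monte Carlo over the ranges; returns annualized loss exposure statistics."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    losses = []
    for _ in range(iterations):
        lef = s.tef.sample(rng) * s.vuln.sample(rng)
        losses.append(lef * s.lm.sample(rng))
    losses.sort()

    def pct(p: float) -> float:
        return losses[int(p * (len(losses) - 1))]

    return {
        "mean": statistics.fmean(losses),
        "p10": pct(0.10),
        "p50": pct(0.50),
        "p90": pct(0.90),
        "max": losses[-1],
    }


def rank_scenarios(scenarios, iterations: int = 20000, seed: int = 0):
    """Order scenarios by expected annual loss, the figure executives compare."""
    results = [(s.name, simulate(s, iterations, seed)) for s in scenarios]
    return sorted(results, key=lambda r: r[1]["mean"], reverse=True)


# Constructed scenarios: illustrative numbers only.
SCENARIOS = [
    FairScenario(
        "Phishing leads to credential theft",
        tef=Estimate(2, 4, 8),
        vuln=Estimate(0.10, 0.25, 0.40),
        lm=Estimate(20_000, 50_000, 150_000),
    ),
    FairScenario(
        "Ransomware on an unpatched file server",
        tef=Estimate(0.2, 0.5, 1.0),
        vuln=Estimate(0.30, 0.60, 0.90),
        lm=Estimate(100_000, 400_000, 2_000_000),
    ),
]

if __name__ == "__main__":
    for name, r in rank_scenarios(SCENARIOS):
        print(f"{name}: mean={r['mean']:,.0f} p10={r['p10']:,.0f} "
              f"p50={r['p50']:,.0f} p90={r['p90']:,.0f}")
```

The p10/p90 spread is the part worth showing to decision makers: two scenarios with similar point estimates can have very different tails, and the tail is what a budget or insurance discussion turns on.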

References:

  • Tarandach, I., & Coles, M. J. (2020). Threat Modeling: A Practical Guide for Development Teams (1st ed.). O’Reilly Media.
  • FAIR Institute
