With a myriad of risks and limited security budgets, how do organizations decide which projects to prioritize? Many governance, risk management and compliance (GRC) professionals believe risk quantification is the answer. Because risk-free operations don’t exist, risk quantification isn’t merely desirable — it’s necessary. And it plays an essential role in every business decision and risk type.

When incorporated into an existing GRC program, this tactical tool helps companies understand and evaluate key risk scenarios so stakeholders can make informed decisions and determine the financial impact of potential risks on an organization.

The Open FAIR model: Supporting risk quantification

Risk quantification ranks and prioritizes risks according to the size of potential loss, guided in part by models such as the Open FAIR (Factor Analysis of Information Risk) model. Developed with cyber security or risk use cases in mind, the Open FAIR model is used in risk quantification to determine threats and asset vulnerabilities within an organization.
Within the model, companies scope down to a particular scenario rather than attempting to quantify all risks at once…