Top Threats – Annual Loss Expectancy
A very effective risk management technique for many organizations is to analyze their top threats and establish a corresponding financial model to describe the potential operational impacts. Utilizing the Factor Analysis for Information Risk (FAIR™) is a very informative financial modeling technique used to increase the level of confidence and rigor associated with this critical risk management capability. Using this method, Risk Neutral helps clients predict how much money an organization stands to lose based on their most likely threat scenarios.
Risk Modeling Requirements
Risk Neutral has certified FAIR™ analysts on staff and practical experience applying the technique across a wide range of industries. Like any precise method of calculation, the first step is verifying the understanding of the terminology used within the methodology (aka a lexicon) and calibrating expectations with the senior leadership team on how to interpret the analysis output. Skipping this step often results in increased confusion, damages credibility, and hinders well-informed decisions.
Utilizing the FAIR™ methodology relies on the fundamental premise that there is NO such thing as ‘a risk.’ There are only very specific scenarios that can be quantified and associated with a certain amount of financial risk. The basics of the FAIR™ lexicon are as follows:
- Asset: anything of value that can be impacted in a manner that results in a loss.
- Threat: any agent capable of acting against an asset in a manner that could result in loss.
- Vulnerability: the probability that a threat agent’s action will result in loss.
- Risk: a measurement of the probable frequency and probable magnitude of future loss.
- Risk is not a ‘thing’ it is a Quantity
- It is expressed in terms of loss event frequency and loss magnitude
- Is forecast using ranges to account for uncertainty about the future