HOME OF FAIR

FAIR CONFERENCE 2016

Bringing leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals, enabling cost effective decision-making and ultimately managing what matters.
Register for FAIR Conference 2016

HOME OF FAIR

FAIR CONFERENCE 2016

Bringing leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals, enabling cost effective decision-making and ultimately managing what matters.
Register for FAIR Conference 2016

LEARN ABOUT FAIR

Factor Analysis of Information Risk (FAIR) is a practical framework for understanding, measuring and analyzing information risk, and ultimately, for enabling well-informed decision making.

GET STARTED

EXPLORE THE FAIR INSTITUTE

The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives to develop standard information risk management practices based on FAIR.

LEARN MORE

GET INVOLVED

Learn about the industry's best practices; collaborate with other innovators to further advance the profession; and network with your peers to learn from their operational experiences.

BECOME A MEMBER
A STANDARD BY
partners_12
TECHNICAL ADVISOR
partners_09
Enter Title
EDUCATION PARTNERS

partners_03  partners_06

partners_17   FAIR_yellow_49

RECENT BLOGS

FAIR Institute Makes an Impact at Black Hat USA 2025 in Las Vegas

Aug 14, 2025 7:45:29 AM

At the FAIR Inst. booth, left to right: Luke Bader, Membership & Programs Director, Bernadette Dunn, Head of Education, Tony Martin-Vegue, Bay Area Chapter Chair

Read More >>

Remembering Denny Wan: Friend, Leader, and Champion of FAIR

Aug 11, 2025 5:56:26 PM

It is with deep sadness that we share the news of the passing of our friend and colleague, Denny Wan, a longtime and passionate member of the FAIR Institute community.

Read More >>

Setting Cyber Boundaries: How to Define Cybersecurity Risk Appetite in a Threat-Heavy World

Aug 11, 2025 10:38:20 AM

Risk isn’t just something to avoid, it’s something to analyze and harness. In an age of relentless ransomware, supply chain attacks, and misconfigured cloud environments every organization needs a clear stance on cybersecurity risk. That’s where cybersecurity risk appetite statements come in—they define how much cyber risk you're willing to accept, and where to draw the line.

This blog post is contributed by GuidePoint Security, a FAIR Institute sponsor. Author Will Klotz is Senior Information Security Consultant at GuidePoint Security.

Read More >>

SEE ALL BLOGS

POPULAR BLOGS

Post Image
Inherent Risk vs. Residual Risk Explained in 90 Seconds

Feb 15, 2023 5:09:00 PM

I recently had a conversation with clients around a risk analysis they conducted and noticed as they walked me through it that they seemed to get hung up on the terms “inherent risk” and “residual...

Read More >>
Post Image
A FAIR Framework for Effective Cyber Risk Management

Jan 10, 2025 1:51:52 PM

Cybersecurity leaders face an increasingly complex risk landscape where the stakes—financial, operational, and regulatory—continue to climb. The FAIR Institute’s latest white paper, A FAIR Framework...

Read More >>
Post Image
7 Basic Tools for FAIR Cyber Risk Analysis

May 18, 2022 11:07:03 AM

If you’re looking to try Factor Analysis of Information Risk (FAIR™) in a lightweight way, these tools and resources will get you started – all of them offered by the FAIR Institute or shared by...

Read More >>