Factor Analysis of Information Risk (OpenFAIR) is a model/method to help organizations understand the level of risk present in their IT environments.
The FAIR methodology was conceived as a way to provide meaningful measurements, so that management can make effective comparisons and well-informed decisions. FAIR has become the only international standard Value at Risk (VaR) model for cyber-security and operational risk.
FAIR is a methodology for analyzing cybersecurity risk. Here, we will refer to risk as the total dollar amount of expected loss for a given timeframe. In a general sense, FAIR methodology works by breaking risk into its individual components. These components can then be measured or estimated numerically, allowing for a quantitative calculation of risk as a whole.
The actual calculation for risk often takes the form of a Monte Carlo method.
This is based on the terms found in:
"Open FAIR" is a trademark of the Open Group.
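The component breakdown and Monte Carlo calculation described above can be sketched in a few lines. This is an added example, not code from the `openfair` crate: the function `simulate_ale`, the triangular distributions, and every input range are assumptions made for illustration, and the factor names (threat event frequency, vulnerability, loss magnitude) follow the FAIR taxonomy.

```rust
// Added example: FAIR-style Monte Carlo. All input ranges below are constructed.
type Range = (f64, f64, f64); // (minimum, most likely, maximum)

const TEF: Range = (1.0, 4.0, 12.0); // threat events per year
const VULN: Range = (0.05, 0.2, 0.5); // P(threat event becomes a loss event)
const LM: Range = (10_000.0, 50_000.0, 400_000.0); // dollars per loss event

// splitmix64: small deterministic PRNG so the example needs no external crates.
struct Rng(u64);
impl Rng {
    fn next_f64(&mut self) -> f64 {
        self.0 = self.0.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.0;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        ((z ^ (z >> 31)) >> 11) as f64 / (1u64 << 53) as f64 // uniform in [0, 1)
    }
}

// Inverse-CDF sample from a triangular distribution (assumed here for simplicity).
fn tri(u: f64, (lo, mode, hi): Range) -> f64 {
    if u < (mode - lo) / (hi - lo) {
        lo + (u * (hi - lo) * (mode - lo)).sqrt()
    } else {
        hi - ((1.0 - u) * (hi - lo) * (hi - mode)).sqrt()
    }
}

// Returns (mean annual loss, 95th percentile annual loss) in dollars; trials > 0.
fn simulate_ale(tef: Range, vuln: Range, lm: Range, trials: usize, seed: u64) -> (f64, f64) {
    let mut rng = Rng(seed);
    let mut losses: Vec<f64> = (0..trials)
        .map(|_| {
            // Loss event frequency = threat event frequency x vulnerability.
            let lef = tri(rng.next_f64(), tef) * tri(rng.next_f64(), vuln);
            lef * tri(rng.next_f64(), lm) // risk = frequency x magnitude
        })
        .collect();
    losses.sort_by(|a, b| a.total_cmp(b));
    let mean = losses.iter().sum::<f64>() / trials as f64;
    (mean, losses[(trials as f64 * 0.95) as usize])
}

fn main() {
    let (mean, p95) = simulate_ale(TEF, VULN, LM, 100_000, 42);
    println!("mean annual loss: ${:.0}, 95th percentile: ${:.0}", mean, p95);
}
```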
```toml
[dependencies]
openfair = "0.1.1"
```
and then
```rust
use openfair::{simulate, Result};
use std::fs::read_to_string;

fn main() -> Result<()> {
    // Load the simulation input from a JSON file.
    let input = read_to_string("data/input.json")?;
    // Deserialize the input and run the simulation.
    let result = simulate(&serde_json::from_str(&input)?)?;
    println!("{:#?}", result);

    Ok(())
}
```
Running the example to return the output
```bash
cargo run --example eg1 -- -i data/input.json
```
Running the example to return the chart data output
```bash
cargo run --example eg1 -- -i data/input.json --generate-chart
```
License: MIT/Apache 2.0