Factor Analysis of Information Risk (FAIR) model enables organizations to quantify security risk in financial terms. By using models such as FAIR, organizations can focus security investments on their top risks. Cimpress combined the FAIR model with the National Institute of Standards and Technologys Cybersecurity Framework (NIST CSF) to establish a comprehensive, actionable security program. The model is a risk management framework that changes the approach of risk assessments and overall security strategy. The two primary components of risk defined by FAIR are event frequency and loss magnitude.”]
Source: https://securityintelligence.com/posts/using-fair-and-nist-csf-security-risk-management/