Read as
Why this module exists. The FAIR (Factor Analysis of Information Risk) framework lets practitioners express cyber risk in monetary terms — “this vulnerability represents a ₹3.2 Cr expected annualised loss” — instead of “high / medium / low” colour codes. This module is the practical introduction to FAIR for Indian-enterprise practitioners: the maths, the modelling, and where it adds value vs where qualitative methods are still the right choice.
Why this module exists. Boards make decisions in money. Heat maps in red, amber, green do not translate to “should we spend ₹2 Cr on this control?” FAIR translates. This module is the operational introduction.
The FAIR ontology — the building blocks
FAIR decomposes “risk” into measurable components:
- Loss Event Frequency (LEF) — how often a loss event happens per year.
- Loss Magnitude (LM) — the financial impact when one happens.
- Risk = LEF × LM — the expected annualised loss.
Each of LEF and LM further decomposes:
- LEF = Threat Event Frequency × Vulnerability (probability the threat event becomes a loss event given existing controls).
- LM = Primary Loss (direct impact) + Secondary Loss (indirect: response cost, regulatory fines, reputation).
DPDP Act in your stack?
Get a DPDP gap assessment
Free 30-minute call. We map your data flows against DPDP §8 obligations and tell you exactly which gaps to fix first. Auditor-defensible output.
Book DPDP scoping call
Replies in 4 working hrs · India-only · Senior consultants