Using FAIR with CTI – Some key definitions
This post won’t cover all the Factor Analysis of Information Risk (FAIR) definitions. It will provide the ones I think are vital for using FAIR with Threat Intelligence (TI) and Cyber Threat Intelligence (CTI). I’m paraphrasing several sources, but it’s the way I understand the definitions I learned over the years. If you want in-depth/exact definitions from my sources, for FAIR, lookup: Measuring and Managing Information’s Risk, The Open Group’s Open FAIR Risk Taxonomy and Risk Analysis whitepapers, the RiskLens FAIR study guide (provided as part of the course). For Threat Intelligence, lookup: Effective Threat Intelligence, and Intelligence Analysis 6th edition.