solution
Loss Event Frequency
Loss Event Frequency (LEF) is the probable frequency, within a given timeframe, that a
threat agent will inflict harm upon an asset. In basic terms this can be thought of as how
often a bad thing happens to something that we care about; for example, how often your
money is stolen, or how many times per year hackers perform a denial of service attack
against your online banking system.
Threat Event Frequency
Threat Event Frequency (TEF) is the probable frequency, within a given timeframe, that
a threat agent will act in a manner that could result in a loss. For example, the probable
frequency, within a given timeframe, that a thief tries to steal the money, a tornado hits
a building, hackers perform a denial of service attack on your computer system, etc.
Contact Frequency
Contact Frequency (CF) is the probable frequency, within a given timeframe, that a
threat agent will come into contact with an asset. Contact can be physical or "logical"
(e.g., over the network).
Probability of Action
Probability of Action (PoA) is the probability that a threat agent will act against an asset
once contact occurs. Once contact occurs between a threat agent and an asset, action
against the asset may or may not take place. For some threat agent types, especially
natural threat agents, action always takes place. For example, if a tornado comes into
contact with a house, action is a foregone conclusion.
Vulnerability
The definition of Vulnerability in the FAIR risk taxonomy departs from the casual or
informal use of the term. Vulnerability (Vuln) is the probability that a threat event will
become a loss event. Vulnerability exists when there is a difference between the force
being applied by the threat agent, and an object's ability to resist that force. This simple
analysis provides us with the two primary factors that drive Vulnerability: Threat
Capability (TCap) and Resistance Strength (RS).
Threat Capability
Threat Capability (TCap) is the probable level of force that a threat agent is capable of
applying against an asset. Not all threat agents are created equal. In fact, threat agents
within a single threat community are not all going to have the same capabilities.
Resistance Strength
Resistance Strength (RS) is the strength of a control as compared to a baseline
measure of force. In simple terms, this can be considered the degree of difficulty faced
by the threat agent. For example, a wireless network secured by WPA2 has a higher RS
to a hacker community than one secured by WEP.
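The definitions above combine into a Loss Event Frequency estimate: TEF is CF times PoA, Vuln is the probability that TCap exceeds RS, and LEF is TEF times Vuln. The sketch below is an added example, not part of the original text. Its function names, the triangular distributions, the shared 0..100 scale for TCap and RS, and every input estimate are assumptions made for illustration.

```python
import random

def sample(rng, low, mode, high):
    """Draw from a (min, most likely, max) estimate; a point estimate when min == max."""
    return low if low == high else rng.triangular(low, high, mode)

def simulate(cf, poa, tcap, rs, trials=20000, seed=1):
    """Estimate TEF, Vuln and LEF from (min, most likely, max) estimates.

    cf: contacts per year; poa: probability 0..1;
    tcap, rs: force and resistance on one shared 0..100 scale (assumed here).
    """
    rng = random.Random(seed)          # fixed seed so runs are repeatable
    tef_total, losses = 0.0, 0
    for _ in range(trials):
        # TEF: contacts that turn into action against the asset
        tef_total += sample(rng, *cf) * sample(rng, *poa)
        # Vuln: the threat event becomes a loss event when force beats resistance
        if sample(rng, *tcap) > sample(rng, *rs):
            losses += 1
    tef = tef_total / trials
    vuln = losses / trials
    return {"tef": tef, "vuln": vuln, "lef": tef * vuln}

# Constructed estimates, not measured data.
ATTACKERS = dict(cf=(50, 100, 200), poa=(0.05, 0.10, 0.20), tcap=(30, 60, 90))
SCENARIOS = {
    "wireless, WEP": dict(ATTACKERS, rs=(10, 20, 40)),
    "wireless, WPA2": dict(ATTACKERS, rs=(60, 80, 95)),
    # Natural threat agent: action is certain once contact occurs (PoA = 1).
    "tornado": dict(cf=(0.01, 0.02, 0.05), poa=(1, 1, 1),
                    tcap=(70, 85, 100), rs=(20, 40, 60)),
}

if __name__ == "__main__":
    for name, est in SCENARIOS.items():
        r = simulate(**est)
        print(f"{name:15s} TEF={r['tef']:7.3f}/yr  "
              f"Vuln={r['vuln']:.3f}  LEF={r['lef']:7.3f}/yr")
```

With the same threat community in both wireless scenarios, TEF is identical and only Resistance Strength changes, so the drop in LEF comes entirely from the lower Vulnerability.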
Loss Magnitude
Loss Magnitude (LM) is the probable magnitude of loss resulting from a loss event. The
other side of the taxonomy under Loss Event Frequency introduced the factors that
drive the probability of loss events occurring. The Loss Magnitude side of the taxonomy