Loss Event Frequency correct answers Loss Event Frequency (LEF) is the probable frequency,
within a given timeframe, that a threat agent will inflict harm upon an asset. In basic terms this
can be thought of as how often a bad thing happens to something that we care about; for
example, how often your money is stolen, or how many times per year hackers perform a denial
of service attack against your online banking system.
Threat Event Frequency correct answers Threat Event Frequency (TEF) is the probable
frequency, within a given timeframe, that a threat agent will act in a manner that could result in a
loss. For example, the probable frequency, within a given timeframe, that a thief tries to steal the
money, a tornado hits a building, hackers perform a denial of service attack on your computer
system, etc.
Contact Frequency correct answers Contact Frequency (CF) is the probable frequency, within a
given timeframe, that a threat agent will come into contact with an asset. Contact can be physical
or "logical" (e.g., over the network).
Probability of Action correct answers Probability of Action (PoA) is the probability that a threat
agent will act against an asset once contact occurs. Once contact occurs between a threat agent
and an asset, action against the asset may or may not take place. For some threat agent types,
especially natural threat agents, action always takes place. For example, if a tornado comes into
contact with a house, action is a foregone conclusion.
Vulnerability correct answers The definition of Vulnerability in the FAIR risk taxonomy departs
from the casual or informal use of the term. Vulnerability (Vuln) is the probability that a threat
event will become a loss event. Vulnerability exists when there is a difference between the force
being applied by the threat agent, and an object's ability to resist that force. This simple analysis
provides us with the two primary factors that drive Vulnerability: Threat Capability (TCap) and
Resistance Strength (RS).
Threat Capability correct answers Threat Capability (TCap) is the probable level of force that a
threat agent is capable of applying against an asset. Not all threat agents are created equal. In
fact, threat agents within a single threat community are not all going to have the same
capabilities.
Resistance Strength correct answers Resistance Strength (RS) is the strength of a control as
compared to a baseline measure of force. In simple terms, this can be considered the degree of
difficulty faced by the threat agent. For example, a wireless network secured by WPA2 has a
higher RS to a hacker community than one secured by WEP.
Loss Magnitude correct answers Loss Magnitude (LM) is the probable magnitude of loss
resulting from a loss event. The other side of the taxonomy under Loss Event Frequency
introduced the factors that drive the probability of loss events occurring. The Loss Magnitude
side of the taxonomy describes the other half of the risk equation - the factors that drive loss
magnitude when events occur.