Factor Analysis of Information Risk (FAIR)

Energy is using cyber risk assessments to make cloud decisions


The department has launched risk analysis initiatives at national labs, rather than waiting for the perfect metrics, to establish standards.

Why government is slow to endorse frameworks for quantifying cybersecurity risk


Until individual agencies like the Department of Energy and Department of the Treasury see success quantifying risk, the practice won't likely be mandated.