FAIR Risk Model Calculator

Risk Scenario 1

Scenario Name (Optional)

This section determines how often a loss event is expected to occur. It is calculated from Threat Event Frequency and Vulnerability.

Threat Event Frequency (TEF)

How many times per year a threat is expected to act.

Vulnerability (Vuln) %

The probability a threat event becomes a loss event.

This section determines the probable financial loss when a loss event occurs. It's the sum of Primary and Secondary losses.

Primary Loss Range ($)

Direct costs from the event (e.g., hardware replacement).

Secondary Loss Range ($)

Indirect costs (e.g., reputational damage, fines).

Enter the annualized cost of controls and their effectiveness in reducing vulnerability.

Mitigating Control Cost ($)

Annualized cost of the control.

Control Effectiveness (%)

The percentage vulnerability is reduced by.