The Factor Analysis of Information Risk (FAIR) framework, the Introduction to the Factor Analysis of Information Risk White Paper, and Basic Risk Assessment Guide are released by Risk Management Insight, LLC under:
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.
License FAQ
Why are you doing this?
To spread the use of FAIR. We believe that the continued adoption and use of FAIR will really benefit the community at large.
What are the specifics of the Creative Commons License (CCL) you’re releasing FAIR under?
The language for the CCL is here (http://creativecommons.org/licenses/by-nc/2.5/).
I work for a company that is interested in adopting FAIR as a risk assessment standard. Do I have to pay you a fee?
Nope! We hope that you’ll consider attending a training session or buying some productivity tools from RMI, but you can feel free to "roll your own."
I work for a consultancy and want to use FAIR in the risk assessments we perform for our clients. Do I have to pay you a fee?
If you charge for you FAIR work, yes. The CCL says: "The licensor permits others to copy, distribute, display, and perform the work. In return, licensees may not use the work for commercial purposes — unless they get the licensor’s permission."
I’m using FAIR and I have a paper/software/book/something I developed because of FAIR. What does the CCL mean to me?
It means you’ll need to share-alike. If you’re going to create works for consumption beyond your own personal use, then the CCL states that you need to share them under at least the same CCL we released FAIR under. If you want to charge for FAIR-based consulting or content you’ve developed (software, documentation, what have you…) then you’ll need to talk to RMI about licensing.
What’s the purpose of the FAIR forum?
We believe that FAIR can help our community become more effective, and more successful. As such, we want to help spread the use of FAIR and help FAIR evolve as a framework. To do so, we realized that FAIR needs a non-commerical body to help in advocacy. So our intention for it is to serve as an independent governing body and a centralized focal point for the FAIR community apart from RMI.
A secondary purpose is for the forum to establish FAIR as an open, international standard. These days there is quite a bit of misconception and confusion about information risk. As such, we felt we needed something other than "this is what the smart consultant says risk is" to help FAIR advocates facilitate the adoption of FAIR.
Finally, FAIR use is spreading. While RMI can keep our ear to the ground about cool new ways FAIR is being used or what various risk analysts have discovered using FAIR, we can’t know everything. We hope that the forum will become a place to exchange ideas and facilitate discussions.
How do I join the FAIR forum/I have other questions concerning FAIR, the CCL, etc…?
Contact RMI.
January 5th, 2007 at 2:18 pm
[...] We’ve put up a webpage with some FAQs and answers here. [...]
January 28th, 2009 at 5:08 pm
[...] is the brain child of Jack J. Jones, CISSP, CISM, CISA of Risk Management Insight, LLC and has been released under the Creative Commons Attribution-Noncommercial-Share Alike 2.5 [...]