To assist small and midsized businesses make risk-based decisions based on cybersecurity cost exposure, information security consulting firm vCISO Services, LLC announced today the immediate availability of their licensed quantitative information risk assessment offering based on The Open Group Open FAIR Body of Knowledge.

"We beta-tested Open FAIR, and immediately realized the business value for our clients," vCISO Services, LLC principal Greg Schaffer said. "Our Open FAIR certified resources leverage Open FAIR's Risk Analysis Tool to help companies prioritize cybersecurity resources based on real cost exposure and not a color scheme representation of opinion."

The Factor Analysis of Information Risk, or FAIR, uses known cost and historical data to provide executive management and board of directors with meaningful cost exposure ranges. "As a CISO, I created FAIR so that I could help my executive stakeholders make better decisions. The improvements in our ability to prioritize and communicate were beyond anything I had anticipated," said Jack Jones, the developer of FAIR.

"We are pleased to have vCISO join the ranks of commercial licensees of Open FAIR, and to also join the Security Forum to contribute to the ongoing development of our standards and best practices," said Jim Hietala, VP, Business Development and Security at The Open Group. The Open Group maintains a list of commercial Open FAIR licenses at https://www.opengroup.org/certifications/openfair/commercial-licensees.

Traditionally, information risk assessments have been qualitative in nature, relying solely on the opinions of experts whether a risk is high, medium, or low, often displayed as red, yellow, and green "heat maps." Such subjective assessments cannot provide accurate insight into information risk exposure.  vCISO Services, LLC offers FAIR-based quantitative information risk assessments both as standalone projects and as part of their Gold and Diamond Virtual CISO packages.