The FAIR institute positions FAIR as a standard for cyber risk quantification.

FAIR principles can be applied "to clarify organizational risk appetite and tolerance as a basis for risk management planning".

[Source](https://www.fairinstitute.org/blog/cyber-risk-management-establishing-a-blueprint-with-fair)

Related:
- [Risk appetite 1](../Sparks/Risk%20appetite%201.md)
- [Risk tolerance](..//Risk%20tolerance.md)