The FAIR institute positions FAIR as a standard for cyber risk quantification.

FAIR principles can be applied "to clarify organizational risk appetite and tolerance as a basis for risk management planning".

[Source](https://www.fairinstitute.org/blog/cyber-risk-management-establishing-a-blueprint-with-fair)

Related:
- [Risk appetite](../💡Drafts%20and%20Ideas/Risk%20appetite.md)
- [Risk tolerance](../🎇%20Sparks/Risk%20tolerance.md)