FAIR - Primary Loss Magnitude Values Definitions
  • 20 Mar 2024
  • 1 Minute to read
  • Dark
    Light

FAIR - Primary Loss Magnitude Values Definitions

  • Dark
    Light

Article summary

Overview

The ThreatConnect® Risk Quantifier (RQ) platform uses FAIR™ – primary loss magnitude value variables in some of its financial and probability calculations. Default values for these variables are provided, but users with the appropriate permissions may modify these values. This article provides definitions for the loss types listed on the FAIR – Primary Loss Magnitude Values tab of the Model Tuning screen within the settings for a Legal Entity.

Before You Start

Minimum Role(s)
  • RQ Pro Read Only for viewing FAIR – primary loss magnitude value variables 
  • RQ Pro Editor, RQ Pro Administrator, or RQ Enterprise Administrator for editing FAIR – primary loss magnitude value variables
PrerequisitesNone

Loss Types Definitions

Table 1 defines the loss types for all FAIR – primary loss magnitude value variables.

 

Loss TypeDefinitions

Fines and Judgment

The amount of fines or judgments you would expect to be levied against your organization through civil, criminal, or contractual actions

Fines and Judgment – HIPAA Fines

The amount of fines or judgments you would expect to be levied against your organization through civil, criminal, or contractual actions for losing personal health information (PHI) data

Fines and Judgment – Legal

The cost of the legal fees associated with fines and judgments levied against your organization through civil, criminal, or contractual actions

Fines and Judgment – PCI Fines

The amount of fines or judgments you would expect to be levied against your organization through civil, criminal, or contractual actions for losing payment card industry (PCI) data

Fines and Judgment – Settlement

The cost of the settlement fees associated with fines and judgments levied against your organization through civil, criminal, or contractual actions

Productivity

The loss you would expect to result from an operational inability to deliver products or services

Productivity – Ransom

The extortion, or ransom cost, you would expect to pay to malicious actors who hold your systems ransom

Productivity – Revenue

The revenue loss you would expect to incur from a cyber attack

Response

The loss you would expect to result from the costs of managing an event

Response – Credit Monitoring

The fees you would expect to pay for monitoring customers’ credit scores related to a loss of personal data

Response – Remediation

The cost you would expect to incur for mitigating, cleaning up, or preventing a threat from reoccurring


ThreatConnect® is a registered trademark of ThreatConnect, Inc.
FAIR™ is a trademark of The FAIR Institute.

20139-01 v.01.B


Was this article helpful?