Assessing risk requires an understanding of the potential impact across the enterprise value chains: the sales, operations, product development life cycle, supply chain, analytical, financial, and engineering domains. It can therefore be useful to consult multiple risk models when defining strategies that will work across the enterprise domains.
For example, if one considers security from a game theory perspective, then it is possible to restrict the amount of analysis completed in a framework like FAIR or, alternatively, to expand it to include consideration of Black Swan scenarios. Depicted below is a Baseline Controls risk mapping scenario, a simplified reduction of FAIR for use in GRC control risk assessments.
