Skip to content

joshua-m-connors/r-shiny-fair-risk-new

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

r-shiny-fair-risk-new

Shiny application that can estimate risk using factor analysis of information risk (FAIR) risk analysis methods as defined by The Open Group (https://www.opengroup.org/).

Leverages lognormal distributions for likelihood calculations and poisson lognormal distribution for impact calculations (based on findings of the Cyentia IRIS 2022 report (https://www.cyentia.com/iris/#iris-2022)). It was also influenced by the book How to Measure Anything in Cybersecurity Risk (https://www.howtomeasureanything.com/cybersecurity/) by Douglas Hubbard.

Distributions are used to calculate the various ranges of possible outcomes and are then combined to determine a final distribution of loss events.

The model can provide three sets of results:

  • Inherent (before controls) Loss Event Frequency (LEF)/Likelihood, Loss Magnitude (Loss)/Impact and Risk (1 and 10 year)
  • Current Residual (with existing controls) LEF/Likelihood, Loss/Impact and Risk (1 and 10 year)
  • Future Residual (after additional controls) LEF/Likelihood, Loss/Impact and Risk (1 and 10 year)

Within the application you can select to determine the LEF/likelihood range directly or indirectly, via threat event frequency (TEF), threat capability (TCAP), and resistance (control) strength (RS).

  • You may also determine Likelihood using TEF and vulnerability (VULN), without the use of TCAP and RS.

The inherent risk results are not provided when evaluating Likelihood directly due to inherent risk being a product of:

  • Increasing the TEF by 20% (assumes increased threat activity in the absences of controls)
  • Setting the VULN percentage to 95% (assumes there are some controls (5%) that are outside of the control of the organization)

These values were set somewhat arbitrarily, but the 95% VULN percentage is equivalent to a TCAP of 1% - 99% and a RS of 1% - 1%.

To use the Shiny applications you will need:

Open the global.R file in RStudio and click the Run App button in the top right corner of the code editing pane.

The application is written to be reactive, therefore results will update dynamically as other values are changed.

A demo version of the application can be viewed at ShinyApps.io: https://jconnors.shinyapps.io/r-shiny-fair-risk-github/

  • Note: this is posted under the free tier so excessive (>10 hours per month) use will result in the application becoming inaccessible.

Shiny Application Screen:

Screenshot From 2025-11-25 14-10-05 Screenshot From 2025-11-25 14-10-19

This is an update to another repository of mine (https://github.com/joshua-m-connors/r-shiny-fair-risk/tree/main) introducing various efficiency and visual improvements.

About

This is a new implementation of the original r-shiny-fair-risk repo that splits the Shiny app into three files, introduces a new UI, and implements various processing efficiencies.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages