A professional, web-based tool for conducting quantitative cybersecurity risk assessments using the FAIR (Factor Analysis of Information Risk) methodology.
- Interactive Monte Carlo Simulation - Run 1,000 to 50,000 simulations for statistical rigor
- External vs Internal Factor Grouping - Clear visual distinction between controllable and uncontrollable risk factors
- Configurable Risk Tolerance - Set custom thresholds (Conservative/Moderate/Aggressive/Custom) aligned with your risk appetite
- Comprehensive Help System - 35+ in-context tooltips with FAIR-aligned definitions
- Rich Visualizations - Interactive charts with distribution, exceedance curves, percentiles, and LEF analysis
- Preset Scenarios - 9 pre-configured risk scenarios for common threats (Ransomware, Data Breach, BEC, DDoS, Insider Threat, Zero-Day, Device Theft, System Outage, Supply Chain)
- ROI Calculators - Built-in ROSI analysis and insurance recommendation tools
- Multiple Export Formats - JSON, CSV, and formatted text reports
- Educational Design - UI teaches FAIR principles through its structure
```bash
# Clone the repository
git clone https://github.com/yourusername/fair-risk-dashboard.git
cd fair-risk-dashboard
# Create virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Launch the dashboard
streamlit run fair_dashboard.py
```

The dashboard will automatically open in your browser at http://localhost:8501
- Load a preset scenario (e.g., "Ransomware Attack")
- Click the (?) help icons to learn FAIR terminology
- Adjust parameters to match your organization
- Click "Run Simulation"
- Explore the four visualization tabs
- Export your results
The dashboard clearly distinguishes between factors you can and cannot control:
External Factors (Threat Landscape)
- Contact Frequency - Industry-wide threat volume (you can't control)
Internal Factors (Your Organization)
- Threat Event Frequency & Probability of Action - Your attractiveness as a target (partially controllable)
- Vulnerability - Your security control effectiveness (directly controllable)
- Loss Magnitudes - Your specific costs and exposure (partially controllable)
This distinction is fundamental to making smart security investment decisions.
- Getting Started Guide - Complete user guide with tutorials
- FAIR Quick Reference - Essential FAIR terminology and concepts
- UI Reorganization Guide - Understanding external vs internal factors
- Help Text Reference - Complete catalog of all tooltips
- Changelog - Version history and updates
This tool implements the FAIR (Factor Analysis of Information Risk) standard for quantitative risk analysis:
```
Risk = Loss Event Frequency × Loss Magnitude
Where:
LEF = Threat Event Frequency × Vulnerability
TEF = Contact Frequency × Probability of Action
LM = Primary Loss + Secondary Loss (when applicable)
```
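
The decomposition above, carried through a small Monte Carlo run as an added example; this is not the dashboard's own code. It uses the standard library instead of NumPy, and the scenario values, the `secondary_prob` parameter and the PERT shape factor of 4 are assumptions made for illustration.

```python
import random
import statistics

def pert(rng, low, mode, high, lam=4.0):
    """Sample PERT(low, mode, high) through its scaled Beta form."""
    if high == low:                      # degenerate range: nothing to sample
        return float(low)
    a = 1 + lam * (mode - low) / (high - low)
    b = 1 + lam * (high - mode) / (high - low)
    return low + rng.betavariate(a, b) * (high - low)

# Constructed scenario: (low, most likely, high) triples, not values from the tool.
SCENARIO = {
    "contact_frequency": (10, 30, 60),          # contacts per year
    "prob_of_action": (0.05, 0.10, 0.20),
    "vulnerability": (0.10, 0.25, 0.50),
    "primary_loss": (50_000, 200_000, 1_000_000),
    "secondary_loss": (0, 100_000, 2_000_000),
    "secondary_prob": 0.30,   # assumption: how often secondary loss applies
}

def simulate(p, n=10_000, seed=1):
    """Return n simulated annual losses using the page's FAIR decomposition."""
    rng = random.Random(seed)
    losses = []
    for _ in range(n):
        tef = pert(rng, *p["contact_frequency"]) * pert(rng, *p["prob_of_action"])
        lef = tef * pert(rng, *p["vulnerability"])
        lm = pert(rng, *p["primary_loss"])
        if rng.random() < p["secondary_prob"]:  # secondary loss "when applicable"
            lm += pert(rng, *p["secondary_loss"])
        losses.append(lef * lm)                 # Risk = LEF x LM
    return losses

def summarize(losses, tolerance):
    """Mean, median, 90th percentile and P(loss > tolerance)."""
    ordered = sorted(losses)
    pct = lambda q: ordered[min(len(ordered) - 1, int(q * len(ordered)))]
    return {
        "mean": statistics.fmean(ordered),
        "p50": pct(0.50),
        "p90": pct(0.90),
        "p_exceed": sum(x > tolerance for x in ordered) / len(ordered),
    }

if __name__ == "__main__":
    for k, v in summarize(simulate(SCENARIO), tolerance=500_000).items():
        print(f"{k}: {v:,.2f}")
```

Evaluating `p_exceed` at a range of tolerance values gives the points of an exceedance curve, and the vulnerability triple is the input to change when comparing a control investment against the baseline.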
Learn More:
- Quantify cyber risk in financial terms
- Compare different risk scenarios
- Justify security investments with ROSI calculations
- Track risk reduction over time
- Professional client presentations
- Standardized risk assessment methodology
- Clear communication of complex risk concepts
- Generate client-ready reports
- Understand risk in business terms (% of revenue)
- Make informed risk acceptance decisions
- Evaluate security investment proposals
- Set realistic risk appetite thresholds
- Framework: Streamlit (Python web framework)
- Simulation: NumPy (Monte Carlo engine)
- Visualization: Plotly (interactive charts)
- Data Export: Pandas (CSV/JSON export)
- Distributions: PERT, Lognormal, Normal, Uniform
- Configurable risk tolerance thresholds
- Four preset profiles (Conservative/Moderate/Aggressive/Custom)
- Visual threshold indicators on charts
- Industry-aligned risk assessment
- Four new threat scenarios (Zero-Day, Device Theft, System Outage, Supply Chain)
- Visual grouping of external vs internal factors
- Bordered containers for clear section separation
- Enhanced help text with controllability indicators
- New UI Reorganization Guide
- 35 comprehensive help tooltips (100% coverage)
- FAIR-aligned definitions with examples
- Self-service learning capability
- Core FAIR risk assessment functionality
- Monte Carlo simulation engine
- Interactive visualizations
- Export capabilities
See CHANGELOG.md for detailed version history.
Contributions are welcome! Please feel free to submit a Pull Request.
```bash
# Clone and setup
git clone https://github.com/yourusername/fair-risk-dashboard.git
cd fair-risk-dashboard
python -m venv venv
source venv/bin/activate
pip install -r requirements-dev.txt
# Run tests
pytest tests/
# Run with debug logging
streamlit run fair_dashboard.py --logger.level=debug
```

- Follow PEP 8 style guidelines
- Maintain FAIR methodology alignment
- Update help text for new features
- Add tests for new functionality
- Update documentation
This project is licensed under the MIT License - see the LICENSE file for details.
- FAIR Institute - For the FAIR methodology and standard definitions
- Jack A. Jones - Creator of the FAIR framework
- BARE Cybersecurity - Project sponsor and primary use case
- Documentation: See docs/ directory
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- FAIR Resources: fairinstitute.org
If you find this tool useful, please consider starring the repository!
Built with ❤️ for the cybersecurity community
Making quantitative risk analysis accessible to everyone
