Factor analysis of information risk (FAIR) is a taxonomy of the factors that contribute to risk and how they interact. It concerns establishing accurate probabilities for the frequency and magnitude of data loss events. While often called a methodology, it is, in fact, not a formal risk methodology.