This chapter focuses on helping the reader understand how to get started with applying factor analysis of information risk (FAIR) in their organization. To achieve this, it provides a high-level maturity model that describes levels of maturity between the implicit and explicit ends of the continuum. It also provides a hypothetical example of how one organization began its journey along that path. A process for performing root cause analyses is also provided, which can be a critical factor in attacking systemic problems within an organization. This chapter also discusses ways in which FAIR can help organizations squeeze more value from their governance, risks, and compliance (GRC) implementation and ...