Cyber Risk Modeling: FAIR Analysis Fundamentals

Master the use of FAIR-based analysis for managing cyber risk.

Cyber Risk Modeling: FAIR Analysis Fundamentals

June, 2020

View agenda here    View pricing options here


COVID-19 update

Due to the escalation of the COVID-19 developments and the restrictions being placed on travel, Risk Training has taken the decision to provide our May, June and July training courses virtually.

The decision to move remotely has not been taken lightly, but our utmost priority is to safeguard the wellbeing of all our delegates, speakers and staff.

We are hopeful that we will be able to return to our in-person events later this year, however as this unprecedented situation is changing every day, we remain watchful but also focused on delivering this much anticipated course.


01 June 2020
2020-06-01 08:30:00 +0100

About the course

As the number and complexity of cybersecurity attacks continues to increase, it is more important than ever that organizations have the ability to measure risk from various scenarios and prioritize the scenarios with the largest forecasted losses for mitigation.

Once a scenario is selected for mitigation, it is critical that the most cost-effective solution be chosen - that is, the solution that reduces the largest amount of risk per dollar spent in implementation. FAIR-based risk analysis enables these decisions and many more.

What will you learn?
  • Understand, explain and apply consistent FAIR-based terminology
  • Apply the FAIR model to risk scenarios
  • Use various measurement concepts to select scenarios for analysis and estimate risk factors
  • Understand the use of calibrated estimation in quantitative risk analysis
  • Follow a consistent process to scope risk scenarios for analysis
  • Map various controls to corresponding parts of the FAIR model
  • Understand and interpret the results of a FAIR analysis
Who should attend?

This course will benefit anyone who needs to understand how to measure and manage cyber risk, including:

  • Chief risk officers
  • Chief information security officers
  • Chief information officers
  • Enterprise risk management leaders and analysts
  • Information risk management leaders and analysts
Sessions include
  • Flaws of qualitative analysis 
  • Fundamental concepts of quantitative risk analysis 
  • Example analysis: ransomware 
  • The risk analysis process 
  • Class case study activity 
  • Small group / individual case study activity  
  • Information on OpenFAIR certification exam

David Musselwhite

Risk consultant and head of training


David Musselwhite is a risk consultant and head of training for RiskLens, the leading provider of cyber risk quantification software and professional services. David is an expert FAIR practitioner and helped to create and lead a completely FAIR-based Enterprise Risk Management program at one of the nation's largest financial services firms. Prior to entering the world of quantitative risk management he taught high school math in Detroit Public Schools. When not talking risk David can be found reading, petting every dog in sight, or pursuing his semi-professional side career in music and theatre.
Twitter: @ariskmind