Cyber Risk Quantification using FAIR

Attend this training to understand how to build a robust cyber risk programme in a climate of increased costs. Challenges such as maintaining usability, human behaviour, risk culture and integrating your programme with IT will be addressed.

Organizations are increasingly transitioning to risk-based approaches to information security and operational risk management, as compliance to regulations alone provide only a minimum layer of security and fail to adequately protect them.

  • Information risk has become a business issue, not just a technology issue, as most business processes have digitalized.
  • Boards of directors and business executives want to understand an organization's loss exposure in financial terms to enable effective decision-making.
  • Risk and security professionals must become facilitators of the balance between protecting the organization and running the business. 

Factor Analysis of Information Risk (FAIRTM) is the only international standard quantitative model for information security and operational risk.

  • FAIR provides a model for understanding, analyzing and quantifying cyber risk and operational risk in financial terms.
  • It is unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales.
  • It builds a foundation for developing a robust approach to information risk management.

RiskLens is the world leader in training security and risk professionals on the standard FAIR risk model. We understand that the journey to better cyber risk management involves changing existing thought paradigms, developing a solid understanding of the FAIR model, and adopting a common language around risk across the enterprise.

Josh Griffis

FAIR Risk Trainer


  • 13+ years in the Cyber Security Industry with 11 years in the Financial Services Industry and 2 years in the Retail Industry.
  • Longtime FAIR Practitioner and Advisor of Informed Risk Decisions since 2007
  • CISSP Certified since 2012
  • Specializing in Digital Forensics, Incident Response, Security Architecture, Threat Modeling, and Quantitative Risk Analysis
  • Managed the SOC for Women's Clothing Retailer
  • A Photography Hobbyist
  • Hardcore Gamer (PC, Console, Tabletop, Board, Card, etc.)
What will you learn?
  • How to consistently, logically, and repeatably analyze cyber risk in financial terms using the international standard FAIR model and straightforward 4-step analysis process. 
  • How to drive cost-effective decision-making in addressing cyber and operational risk.
  • The flaws and shortcomings of risk analysis based on “high/medium/low” ratings, subjective 1-5 scales, etc.
  • How to clearly define, measure, and communicate about cyber risk loss events and their probable frequencies and magnitudes while acknowledging uncertainty about the future. 
  • How to apply the basic concepts of range estimates, calibrated estimation, and Monte Carlo simulation to produce defensible forecasts of future loss from cyber events. 
  • How to justify cybersecurity control enhancements, budget allocation, and project prioritization based on accurate measurement of risk.  
  • How to apply FAIR to analysis of realistic case studies using the RiskLens platform, built by the authors of FAIR. 
Who should attend?

Relevant departments may include but are not limited to: 

  • Cyber Risk analysts, managers, and officers
  • Chief Information Security Officers 
  • Enterprise Risk Management analysts, managers, and officers
  • Information Security consultants/practitioners
  • Chief Risk Officers

Live Virtual training courses


Our live virtual training courses have been designed to engage and inspire you. Much more than a webinar, our approach includes:

  • Technical content compressed into 60-minute interactive sessions and spread out over two, three or four days

  • Facilitated collaboration including Q&A, interactive polling and group workshops

  • Live interaction with subject matter experts – get your questions answered in real time

  • Receive comprehensive course materials and supporting content from to reinforce your learning

  • Stay connected with other learners and extend your network by joining our dedicated LinkedIn group for course participants

CPD and CPE Accreditation


CPD Accreditation

This course is CPD (Continued Professional Development) accredited and will allow you to earn up to 8 credits. One credit is awarded for every hour of learning at the event.

CPE Accreditation

This course is CPE (Continuing Professional Education) accredited and will allow you to earn up to 8 credits. One credit is awarded for every hour of learning at the event in accordance with the standards of the National Registry of CPE Sponsors.

Not the course for you?

Risk Training offers a great selection of courses providing practical guidance on the latest trends, challenges and regulatory changes that span risk management, regulation and derivatives.

View all courses


Risk Training’s self-paced E-Learning platform offers Essentials of Operational Risk programme, plus more topics to come soon.