About the course

Organizations are increasingly transitioning to risk-based approaches to information security and operational risk management, as compliance with regulations alone provides only a minimum layer of security and fails to adequately protect them.

  • Information risk has become a business issue, not just a technology issue, as most business processes have digitalized.
  • Boards of directors and business executives want to understand an organization's loss exposure in financial terms to enable effective decision-making.
  • Risk and security professionals must become facilitators of the balance between protecting the organization and running the business. 

Factor Analysis of Information Risk (FAIR™) is the only international standard quantitative model for information security and operational risk.

  • FAIR provides a model for understanding, analyzing and quantifying cyber risk and operational risk in financial terms.
  • It is unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales.
  • It builds a foundation for developing a robust approach to information risk management.

RiskLens is the world leader in training security and risk professionals on the standard FAIR risk model. We understand that the journey to better cyber risk management involves changing existing thought paradigms, developing a solid understanding of the FAIR model, and adopting a common language around risk across the enterprise.

What will you learn?
  • How to consistently, logically, and repeatably analyze cyber risk in financial terms using the international standard FAIR model and straightforward 4-step analysis process. 
  • How to drive cost-effective decision-making in addressing cyber and operational risk.
  • The flaws and shortcomings of risk analysis based on “high/medium/low” ratings, subjective 1-5 scales, etc.
  • How to clearly define, measure, and communicate about cyber risk loss events and their probable frequencies and magnitudes while acknowledging uncertainty about the future. 
  • How to apply the basic concepts of range estimates, calibrated estimation, and Monte Carlo simulation to produce defensible forecasts of future loss from cyber events. 
  • How to justify cybersecurity control enhancements, budget allocation, and project prioritization based on accurate measurement of risk.  
  • How to apply FAIR to analysis of realistic case studies using the RiskLens platform, built by the authors of FAIR.

Who should attend?

Relevant departments may include but are not limited to: 

  • Cyber Risk analysts, managers, and officers
  • Chief Information Security Officers 
  • Enterprise Risk Management analysts, managers, and officers
  • Information Security consultants/practitioners
  • Chief Risk Officers