About Course

Two day description of this Cyber Risk course

All you need to know about the course

Risk managers are drowning in a sea of audit findings, penetration testing results, “critical” or “high risk” vulnerabilities, and compliance requirements. Despite our best efforts, cybersecurity incidents and operational loss events continue, as do calls for more stringent regulatory requirements and increased non-compliance penalties. The organizations who will successfully navigate these waters are those who know how to consistently define, accurately measure, and effectively communicate about risk in the language of the business -- dollars. FAIR analysis allows you to do just that. After this seminar you’ll never want to use a heat map again, and with good reason! There is now a logical, useful, simple quantitative risk analysis method being implemented in industry-leading organizations across the globe. FAIR is changing the risk management industry – don’t get left behind.

The FAIR Analysis Fundamentals course is the introductory course offered by the RiskLens Academy. Designed to prepare participants for the Open FAIR Certification Exam, the course discusses the challenges with qualitative risk management methods and introduces the FAIR model and terminology, calibrated estimation, and the measurement concepts necessary to begin conducting quantitative risk analysis. FAIR Analysis Fundamentals provides the conceptual foundation and practical experience necessary to competently perform FAIR analyses. Whether online or in-person, the FAIR Analysis Fundamentals course is led by experienced practitioners, is accredited by the Open Group, and will improve participants' ability to identify, measure, and communicate risk. 

  • 2 days of hands-on instruction delivered by an experienced FAIR practitioner from RiskLens

  • Course manual and exercises

  • Access to the RiskLens software platform so you can complete case studies

  • A study guide to prepare you for the OpenFAIR Certification Exam offered by The Open Group

  • A voucher to completely defray the cost of your certification exam

In order to effectively manage risk, an organization has to make well-informed decisions. Making decisions involves making comparisons. Which risk scenario should we seek to mitigate? Which remediation plan will reduce risk in the most cost-effective manner? These comparisons require meaningful measurement

Today, risk is measured on 1-5 scales and given high, medium, or low labels. These "measurements" aren't rational or logically defensible and suffer from the subjective biases of both the analyst and the consumer. How do you know what someone means when they say "this is a medium risk?" Which high/red risk is higher/more red? Is reducing a high risk to a medium risk worth the cost of the mitigation strategy? Without meaningful measurements we can't make well-informed decisions in the risk management space. 

To meaningfully measure risk you need a logical framework and repeatable process that provides more objective results in the form of a range of possible loss over a given timeframe. Only then can you compare and see which scenario presents more risk to your organization or which mitigation strategy you should go with.